Digital Garden: Knowledge Base
Architecture & Design
| Section | Topics |
|---|---|
| API Architectures | REST, GraphQL, gRPC, WebSocket, cross-cutting concerns, architecture decision factors |
| Client-Server Architecture | Core model, edge layer, traffic/service mesh, connections, scalability, reliability, testing |
| Software Design Patterns | OOP, SOLID, DRY/KISS, clean code, creational/structural/behavioral patterns, architecture, testing |
| Agentic AI Architecture | Agent fundamentals, multi-agent patterns, memory/RAG, vectorless RAG, tool integration, LLM config, security, context engineering |
| AI Skills for Coding Agents | SKILL.md standard, progressive loading, packaging, orchestration, evaluation, MCP, AGENTS.md, playgrounds, project structure |
Security
| Section | Topics |
|---|---|
| Code Security | Secrets leak prevention, dependency hardening, SAST, auth patterns, security headers, CI/CD security, 40-point audit checklist |
| OWASP API Security | API Top 10 (2023), per-risk controls, OAuth2/webhooks/gateway, testing checklist, incident response |
| OWASP LLM Security | LLM Top 10 (2026), prompt injection, output handling, agent/tool security, RAG hardening, testing checklist |
QA & Testing
| Section | Topics |
|---|---|
| QA Methodology | Fundamentals, test design, execution, defects, automation/SDLC, metrics, TDD/BDD, quality gates, shift-left, shift-right, coverage |
| Test Design Techniques | EP, BVA, Decision Table, State Transition, CRUD, Metamorphic, Pairwise, Fuzz testing |
| Test Design Patterns | POM, Screenplay, Data Builder, API test patterns, mocking, execution, reliability, CI/CD |
| Testing Pyramid | Unit / Integration / E2E strategy, common mistakes per level, anti-patterns |
| Test Automation Framework | Architecture, UI/API patterns, test data, parallel execution, flakiness, mocking, CI/CD |
| Robot Framework | Syntax, keywords, API/UI testing, parallel execution, CI/CD, scalability, anti-patterns |
| LLM Evaluation | DeepEval: RAG / quality / agent / chatbot / MCP metrics, conversational RAG, red teaming, benchmarks |
| Performance Testing | Load / stress / spike / soak testing, core metrics, Locust, bottlenecks, monitoring, SLA/SLO |
| Python Guide | Complete Python base for Automation QA: fundamentals, OOP, pytest, API/UI automation, quality, CI/CD, advanced topics, best practices |
| Jenkins Guide | Jenkinsfile syntax, declarative vs scripted, agents, stages, credentials, parallel, shared libraries, templates |
Infrastructure & Tools
| Section | Topics |
|---|---|
| CI/CD Approaches | Pipeline architecture, build/artifacts, testing, deployment, security, release, advanced patterns |
| Databases | Database types and selection guide, PostgreSQL: commands, schema, queries, performance, admin |
| Tools | Docker, Git, Linux Terminal, Kubernetes — commands, best practices, troubleshooting |
| Python Libraries | Requests, HTTPX, Pytest, Playwright, Pydantic, SQLAlchemy, FastAPI, uv, LangChain, Code Quality |
Section Details
API Architectures
| Resource | Topics |
|---|---|
| REST API | HTTP semantics, schema modeling, querying, caching, security, testing |
| GraphQL | Schema design, resolver execution, performance, APQ/safelist rollout |
| gRPC | Protobuf contracts, transport patterns, retries, streaming reliability |
| WebSocket | Protocol communication, state/scaling, reconnect/replay, resilience |
| Cross-Cutting | Security, observability, reliability, SLO and incident playbooks |
| Decision Factors | Comparison matrix and architecture selection guidance |
Client-Server Architecture
| Resource | Topics |
|---|---|
| Core Model | Responsibilities, protocol models, API architecture overview |
| Edge Layer | CDN, load balancing, reverse proxy, API gateway, BFF |
| Traffic & Service Mesh | Routing, rate limiting, canary, service mesh patterns |
| Connections & Backpressure | Connection lifecycle, flow control, backpressure strategies |
| Scalability & Performance | Client state/data architecture, scalability and performance tuning |
| Reliability & Security | Fault tolerance, security controls, telemetry and tracing |
| Testing & Patterns | Testing strategy, anti-patterns, decision factors from production |
Software Design Patterns
| Resource | Topics |
|---|---|
| Design Principles | OOP, SOLID, DRY/KISS/YAGNI, clean code, code quality tools |
| Creational Patterns | Factory, Builder, Prototype, Singleton and trade-offs |
| Structural Patterns | Adapter, Facade, Decorator, Proxy, Composite, Bridge, Flyweight |
| Behavioral Patterns | Strategy, Observer, Command, State, Mediator, Visitor |
| Composition & Architectural | Layered/Clean/Hexagonal, queues vs streams, event-driven |
| View Layer & Cross-Layer | View layer patterns (templates, BFF), shared contracts, cross-layer integration |
| Decisions & Anti-Patterns | Pattern comparison, testing, anti-patterns, production readiness |
Agentic AI Architecture
| Resource | Topics |
|---|---|
| Fundamentals & Components | Agentic AI core, ReAct loop, components, LLM app differences |
| Multi-Agent Patterns | Supervisor, Hybrid, BDI, Neuro-Symbolic, coordination |
| Memory & RAG | STM/LTM, RAG pipeline, vector DB choices, retrieval methods |
| Tool Integration & Prompting | Function calling, tool registry, CoT, ReAct, ToT prompting |
| LLM Config & Security | Model settings, guardrails, prompt injection threats |
| Testing & Observability | Metrics, test layers, observability, failure modes, production checklist |
| Agentic Search & Context Engineering | Context engineering vs prompt engineering, failure modes, compression strategies, GraphRAG, governance |
| Vectorless RAG | Reasoning-based retrieval, hierarchical tree index, PageIndex, hybrid approach |
AI Skills for Coding Agents
| Resource | Topics |
|---|---|
| What Is a Skill | SKILL.md anatomy, frontmatter, instructions, anti-rationalization tables, real examples |
| How Agents Load Skills | Progressive disclosure (3-level loading), discovery directories, intent matching |
| Skill Packaging | Folder layout, deterministic scripts, references on demand, templates, versioning |
| Orchestration & Workflows | Multi-skill chains, context handoff, failure strategy, execution reports |
| Evaluation & Security | Eval harnesses, quality metrics, threat model, governance |
| Cross-Agent Compatibility | Claude Code, Copilot, Cursor, Windsurf, Gemini CLI, Kiro, Codex CLI — setup, runtime differences, portability |
| Claude Code Best Practices | .claude/ folder anatomy, CLAUDE.md, settings.json, commands, rules |
| Claude Code Hooks & Agents | Lifecycle hooks, agent personas, subagents, three-layer config system |
| Claude Code Workflow Patterns | Verify work, explore-plan-code, prompting, session management, failure patterns |
| Claude Code Advanced Config | Sandbox, plugins, MCP servers, non-interactive mode, enterprise settings |
| Model Context Protocol (MCP) | Protocol architecture, primitives, transport, security, popular servers, custom servers |
| AGENTS.md Standard | Universal agent instructions, effective patterns, cross-tool compatibility, monorepo scoping |
| SKILL.md Playground | Hands-on exercises for writing production-quality SKILL.md files |
| AGENTS.md Playground | Hands-on exercises for writing effective AGENTS.md files |
| Claude Code Project Structure | Reference layout, CLAUDE.md scoping, skills/hooks organization |
Code Security
| Resource | Topics |
|---|---|
| Secrets & Leak Prevention | Hardcoded secrets, .env risks, pre-commit scanning, secrets managers, AI agent leaks |
| Dependency Security | SCA tools, vulnerability scanning, SBOM, lock files, license compliance |
| Code Analysis & Secure Review | SAST, code review checklist, injection prevention, input validation, XSS |
| Auth, Config & Headers | Password hashing, JWT, CORS, security headers, rate limiting, error handling |
| CI/CD & Monitoring | Pipeline hardening, container security, DAST, logging, incident response |
| Security Audit Checklist | 40-point checklist, severity scoring, tooling matrix, quick-start guide |
OWASP API Security
| Resource | Topics |
|---|---|
| API Recommendations | Security baseline, per-risk controls (API1-API10), operational hardening, CI/CD gates |
| API Testing Checklist | Prioritized checklist (P0/P1/P2) with how-to-test guidance, tool references |
| API Advanced Controls | OAuth2/OIDC, webhooks, gateway, multi-tenancy, uploads, incident response |
OWASP LLM Security
| Resource | Topics |
|---|---|
| LLM Security Guide | LLM01-LLM10 risk guidance, architecture blueprint, CI/CD gates, compliance |
| LLM Testing Checklist | Prioritized checklist (P0/P1/P2), red teaming, release criteria |
QA Methodology
| Resource | Topics |
|---|---|
| Fundamentals, Levels & Types | QA vs QC, shift-left, ISTQB principles, test levels, types |
| Test Design & Planning | Black/white-box techniques, test case structure, plans |
| Execution, Defects & Envs | Execution process, defect lifecycle, severity vs priority |
| Automation, SDLC & Agile | When to automate, QA in Scrum, risk-based testing |
| Metrics, Docs & Practices | Metrics, traceability, anti-patterns, career levels |
| TDD, BDD & ATDD | Red/Green/Refactor, Gherkin, ATDD, combining approaches |
| Quality Gates & Checklists | Merge/deploy gates, contract testing, flaky tests policy, templates |
| Shift-Right & Observability | Canary, feature flags, synthetic monitoring, chaos, SLO/error budget |
| Exploratory Testing & SBTM | Charters, time-boxed sessions, heuristics, debrief |
| Requirements Quality | Testability checklist, weak wording fixes, Three Amigos |
| Defect Triage & RCA | Triage workflow, Five Whys, root-cause buckets, CAPA |
| Coverage Strategy | Requirement/risk/code/data coverage, code coverage limits |
| Test Estimation | Story/release estimation, risk modifiers, planning buckets |
| Domain-Specific QA | Web, mobile, API, data/ETL, AI/LLM, fintech |
| Shift-Left Testing | Strategy components, quality gates, pipeline architecture, maturity roadmap |
Python Guide
| Resource | Topics |
|---|---|
| Overview | End-to-end Python path for Automation QA: setup, fundamentals, OOP, pytest, API/UI automation, architecture, CI/CD, performance, security, interview readiness |
| Setup & Fundamentals | Environment setup, variables, control flow, data structures, functions and modules |
| OOP & Error Handling | Classes, inheritance, composition, exceptions, logging, files and data formats |
| Testing with pytest | Test fundamentals, pytest basics, fixtures, parametrization, assertions and mocking |
| Automation | API testing, UI automation, and test design patterns |
| Code Quality & CI/CD | Ruff/mypy, dependency management with uv, CI/CD integration |
| Advanced Topics | Decorators, generators, context managers, async, and performance optimization |
| Best Practices | Security, common pitfalls, interview readiness, stack and further learning |
Test Design Techniques
| Resource | Topics |
|---|---|
| Equivalence Partitioning | Split inputs into groups; one test per group |
| Boundary Value Analysis | Test values at and around the edge of each partition |
| Pairwise Testing | Cover every pair of parameter values with minimum test count |
| Decision Table | Map all condition combinations to expected outcomes |
| State Transition | Verify valid/invalid transitions in a state machine |
| CRUD Testing | Verify full data lifecycle: create, read, update, delete |
| Metamorphic Testing | Check relationships between outputs when inputs change |
| Fuzz & Random Testing | Send unexpected/random data to expose crashes and edge cases |
Test Design Patterns
| Resource | Topics |
|---|---|
| Fundamentals | Test types, pyramid, core principles, test architecture |
| Core Patterns | POM, Screenplay, Data Builder, Fixture, Factory |
| Advanced Patterns | Wrapper, Fluent Interface, Assertion helpers, Data-Driven |
| API Test Patterns | REST/GraphQL/gRPC/WebSocket test patterns |
| Data, Mocking & Env | Test data, mocking/stubbing/fakes, environments |
| Execution & Reliability | Parallel, flakiness, performance SLOs, observability |
| Decisions & Production | CI/CD, security testing, anti-patterns, heuristics |
Testing Pyramid
| Resource | Topics |
|---|---|
| Unit Tests | Isolation, fast feedback, pytest marks, coverage |
| Integration Tests | Real HTTP via Playwright APIRequestContext, fixtures, cleanup |
| E2E Tests | Browser automation with Playwright, stable locators, user flows |
| Pyramid Strategy | Ice cream cone, Testing Trophy, microservice contracts, CI timing |
Test Automation Framework
| Resource | Topics |
|---|---|
| Architecture | Goals, principles, layers, directory structure |
| Design Patterns | POM, Screenplay, API/data patterns, fluent interface |
| Test Data | Strategies, isolation, builders, factories, seeding |
| API Testing | REST, GraphQL, gRPC, WebSocket testing |
| UI Testing | Playwright vs Selenium, selectors, waits, retry |
| Execution & Reliability | Parallel execution, flakiness, mocking, isolation |
| Config, CI & Decisions | Config, logging, CI/CD, performance, anti-patterns, risks |
Robot Framework
| Resource | Topics |
|---|---|
| Fundamentals | Core syntax, keywords, variables, libraries |
| Architecture | Layered architecture, keyword design, test data management |
| API Testing | API architecture, request design, validation, practical framework |
| UI Testing | Page objects, locators, wait strategies, practical framework |
| Execution & Reliability | Pabot, error handling, retries, setup/teardown |
| Infrastructure | Config, secrets, logging, CI/CD integration |
| Decisions & Production | Scalability, anti-patterns, maturity model |
LLM Evaluation
| Resource | Topics |
|---|---|
| Introduction | DeepEval overview, LLM-as-Judge, key concepts, setup |
| RAG Metrics | AnswerRelevancy, Faithfulness, ContextualPrecision/Recall/Relevancy |
| LLM Quality Metrics | Hallucination, Toxicity, Bias, Summarization, GEval |
| Agent Metrics | ToolCorrectness, TaskCompletion, GoalAccuracy, PlanQuality |
| Chatbot Metrics | ConversationCompleteness, KnowledgeRetention, RoleAdherence, failure modes |
| MCP Metrics | MCP tool correctness, integration testing, protocol compliance |
| Extra Metrics | ConversationalGEval, TurnParams, custom rubrics, epistemic humility |
| Red Teaming | RedTeamer, vulnerability scanning, attack enhancements |
| Conversational RAG Eval | History management, controlled vs live RAG, failure mode design |
| Practical RAG Testing | LangChain + Ollama + Chroma pipeline, E2E walkthrough |
Performance Testing
| Resource | Topics |
|---|---|
| Fundamentals & Metrics | Goals, test types (load/stress/spike/soak), core metrics |
| Locust | Architecture, load modeling, test design, analysis, advanced usage |
| Bottlenecks & Monitoring | Where systems break and how to observe it |
| Execution & Results | SLA/SLO, execution strategy, interpreting results, pitfalls |
Jenkins Guide
| Resource | Topics |
|---|---|
| Fundamentals | What is a Jenkinsfile, Pipeline as Code, declarative vs scripted |
| Declarative Syntax | Agent, options, stages, steps, post, triggers, tools |
| Advanced Features | Parameters, credentials, when conditions, parallel, shared libraries |
| Patterns & Templates | Security, performance, Python/Docker/monorepo/nightly templates |
CI/CD Approaches
| Resource | Topics |
|---|---|
| Fundamentals | CI/CD/CD definitions, pipeline architecture, triggers |
| Build & Artifacts | Build stage, caching, Docker build, artifact management |
| Testing | Test layers in pipeline, quality gates, coverage |
| Deployment | Rolling, Blue-Green, Canary, Feature Flags, IaC |
| Security & Observability | Secrets, SAST, scanning, pipeline metrics, DORA |
| Release & Production | SemVer, rollback, smoke tests, post-deploy monitoring |
| Patterns & Decisions | GitOps, trunk-based, failure handling, anti-patterns |
Databases
| Resource | Topics |
|---|---|
| PostgreSQL — Commands & psql | psql basics, connection, meta-commands |
| PostgreSQL — Schema & Data Types | Tables, columns, constraints, data types |
| PostgreSQL — Queries & Performance | Joins, indexing, EXPLAIN, optimization |
| PostgreSQL — Admin & Operations | Users, roles, backup, restore |
| PostgreSQL — Basic Query Commands | SELECT, INSERT, UPDATE, DELETE quick reference |
Tools
| Resource | Topics |
|---|---|
| Docker Overview | Architecture, lifecycle, Compose, networking, security, debugging |
| Git Overview | Commands, branching, commits, advanced workflows, hooks, recovery |
| Linux Terminal | Navigation, files, search, text processing, processes, networking |
| Kubernetes (K8s) | kubectl, Pods, Deployments, Services, Ingress, Helm, RBAC, observability |
Python Libraries
| Resource | Topics |
|---|---|
| Code Quality | Ruff, mypy, Pyright, wemake-python-styleguide, pre-commit, coverage |
| FastAPI | Routing, dependencies, middleware, DB, auth, testing, production |
| HTTPX | Fundamentals, async patterns, advanced configuration |
| LangChain | Models, LCEL, RAG, agents, memory, LangGraph, security |
| Playwright | UI testing, API testing, page objects, advanced patterns |
| Pydantic | Models, validators, serialization, advanced patterns |
| Pytest | Fundamentals, advanced patterns, playbooks, config templates |
| Requests | Fundamentals, methods, advanced patterns |
| SQLAlchemy | Engine, models, relationships, sessions, async, Alembic |
| uv | Projects, dependencies, scripts, Python envs, workspaces, Docker |