085
LVL 03 → LVL 04SESSION 085DAY 85

MID DEVELOPER REVIEW

← PREVNEXT →
🎖️ PROMOTION REVIEW
🔴Level Gate | 🔴 Expert | Priority: 🔴 Critical

You've built a full-stack image editor with real-time collaboration, caching, queues, structured logging, and API docs. Time to prove you can think at the system level. Pass all five challenges → promote to Senior-in-Training.
REVIEW.CHALLENGES
🏗️
1. System Design (45 min)
Whiteboard PixelCraft's complete architecture. React frontend, Express API, MongoDB, PostgreSQL, Redis, WebSockets, BullMQ workers, file storage. Draw the diagram. Explain data flow for: image upload, real-time collab, analytics query.
🐛
2. Full-Stack Debugging (60 min)
3 bugs spanning frontend, API, and database. Bug 1: React component re-renders infinitely. Bug 2: API returns 500 on valid requests. Bug 3: Aggregation pipeline returns empty results. Find and fix all three using logs, DevTools, and reasoning.
🔒
3. Security Review
Audit a peer's code for vulnerabilities. Review a pull request. Find: missing input validation, SQL injection risk, exposed secrets, missing rate limiting, insufficient auth checks. Write review comments with fixes.
🎓
4. Teaching
Explain a complex topic to a Phase-1 student. Choose one: WebSockets, database indexing, or caching. Use analogies. Draw diagrams. The best test of understanding is explaining it clearly to a beginner.
⚔️
5. Architecture Defense
"Why MongoDB AND PostgreSQL?" Justify the dual-database approach. When would you use one over the other? What are the tradeoffs? Could you consolidate? Defend your technical decisions.
REVIEW.DETAILS
01
System Design — Architecture Whiteboard

Draw and explain the complete PixelCraft architecture:

┌─────────────────────────────────────┐ │ React Frontend │ │ (Canvas, Filters, Collaboration) │ └──────────┬──────────┬───────────────┘ │ REST │ WebSocket ▼ ▼ ┌─────────────────────────────────────┐ │ Express API Server │ │ (Auth, Routes, Validation, Logging)│ └──┬───────┬───────┬───────┬──────────┘ │ │ │ │ ▼ ▼ ▼ ▼ ┌──────┐┌──────┐┌──────┐┌──────────┐ │Mongo ││Postgr││Redis ││ BullMQ │ │ DB ││ eSQL ││Cache ││ Workers │ │ ││ ││ ││ │ │Users ││Analyt││Sessns││Thumbnails│ │Images││Events││Rate ││Metadata │ │ ││ ││Limit ││Emails │ └──────┘└──────┘└──────┘└──────────┘

Trace the data flow for: (a) image upload, (b) real-time collaboration, (c) analytics dashboard query. Explain why each technology was chosen.

02
Full-Stack Debugging — 3 Bugs
// BUG 1: React — Infinite re-render // The gallery page crashes the tab useEffect(() => { const images = fetchImages(); setImages(images); }); // ← Missing dependency array! // BUG 2: API — 500 on valid request // POST /api/images/upload returns 500 app.post('/api/images/upload', authenticate, async (req, res) => { const image = await Image.create({ owner: req.userId, title: req.body.title, }); res.json(image); // ← No error handling! // If Image.create throws, Express // sends 500 with no useful info }); // BUG 3: Aggregation — empty results // "Popular filters" returns [] db.events.aggregate([ { $match: { eventType: 'filter_apply', createdAt: { $gte: '2024-01-01' // ← String, not Date object! // Should be: new Date('2024-01-01') } }}, { $group: { /* ... */ }} ]);
Real debugging process: read the error, form a hypothesis, verify with logs/DevTools, fix, test. Explain your reasoning as you go — the process matters as much as the fix.
03
Security Review — Code Audit
// Review this pull request. // Find ALL security issues. app.post('/api/auth/login', async (req, res) => { const user = await User.findOne({ email: req.body.email }); if (!user) { return res.status(404).json({ error: 'User not found' // ← Leaks user existence! }); } if (req.body.password === user.password) { // ← Plain text comparison! // ← No bcrypt.compare! const token = jwt.sign( { id: user._id }, 'my-secret-key' // ← Hardcoded secret! ); res.json({ token }); } // ← No rate limiting! // ← No input validation! });

Write review comments for each issue. Provide the corrected code.

04
Teaching — Explain to a Beginner

Choose one topic. Explain it to a Phase-1 student (someone who knows HTML/CSS/JS basics but nothing about backend):

OPTION A: WebSockets "How can two people edit the same image at the same time?" OPTION B: Database Indexing "Why does the gallery load instantly for 10 images but takes 30 seconds for 10,000?" OPTION C: Caching (Redis) "Why does the first page load take 2 seconds but the second load is instant?"

Use analogies. Draw a diagram. The best test of understanding is teaching it to someone who knows nothing about it.

05
Architecture Defense
QUESTIONS YOU MUST ANSWER: Q: "Why MongoDB AND PostgreSQL? Isn't one database enough?" Q: "What would break if you removed Redis from the architecture?" Q: "If PixelCraft grew to 1 million users, what's the first thing that would fail?" Q: "A junior dev says 'just use Firebase for everything.' How do you respond?" Q: "You have to cut one technology from the stack. Which one and why?"
There are no "right" answers — only well-reasoned ones. Defend your choices with tradeoffs, not opinions. "We chose X because Y, with the tradeoff of Z."
CS.DEEP-DIVE

The Mid → Senior transition is about scope.

Mid developers build features. Senior developers design systems, make technical decisions, and enable other developers.

// What changes at the Senior level:

Mid Developer
  "Build this feature"
  Scope: one ticket, one PR
  Skills: write good code

Senior Developer
  "Design this system"
  Scope: architecture, team impact
  Skills: technical decisions,
  mentoring, cross-team thinking

// The senior doesn't just solve
// problems — they prevent them.
//
// They don't just write code —
// they make others more effective.
//
// They don't just pick tools —
// they justify tradeoffs.
🔴 PROMOTION: SENIOR-IN-TRAINING
[✅]You can design and whiteboard a complete full-stack architecture with data flow, technology justification, and tradeoff analysis.
[✅]You can debug across the entire stack — frontend, API, database — using systematic reasoning, logs, and developer tools.
[✅]You can identify security vulnerabilities in code review and provide fixes. You think about security as a default, not an afterthought.
[✅]You can teach complex technical concepts to beginners with clarity, analogies, and patience. Teaching is the highest form of understanding.
[✅]You can defend architectural decisions with reasoned tradeoffs, not just preferences. Welcome to Senior-in-Training. 🔴
REF.MATERIAL
ARTICLE
System Design Primer — GitHub
Donne Martin
The most comprehensive system design resource: scalability, load balancing, caching, databases, message queues. 250K+ stars for a reason.
SYSTEM DESIGNESSENTIAL
VIDEO
How to Become a Senior Developer — Fireship
Fireship
What separates junior, mid, and senior developers. The skills, mindset, and scope changes at each level.
CAREERQUICK
ARTICLE
StaffEng — Stories of Staff-Plus Engineers
Will Larson
What senior and staff engineers actually do: technical strategy, architecture reviews, mentorship, and organizational impact. The career path beyond senior.
CAREERLEADERSHIP
ARTICLE
The Product-Minded Engineer — Gergely Orosz
The Pragmatic Engineer
The mindset that separates good engineers from great ones: understanding WHY you're building, not just HOW. Product thinking meets technical execution.
MINDSETCAREER
VIDEO
Steve Jobs: The Lost Interview
Silicon Valley Historical Association
"The best people are the ones who understand the content." Jobs on craftsmanship, taste, and why understanding fundamentals separates good from great.
MINDSETINSPIRATION
// LEAVE EXCITED BECAUSE
You whiteboarded a complete architecture. You debugged across the full stack. You found security holes. You taught a complex topic clearly. You defended your technical decisions. You're a Senior-in-Training now. 🔴 Level 04 begins.