"Bring Your Own LLM. No servers. No subscriptions. Just your API key and Vaathi as the wrapper."
Live Demo Β· Deploy Your Own Β· Report Bug
Total cost to run Vaathi: $0 forever.
Vaathi is an AI-powered cybersecurity learning platform where students bring their own LLM API key β Groq is completely free β and Vaathi acts as the intelligent wrapper that orchestrates their entire learning journey.
The AI dynamically assesses your skills, generates a personalized roadmap, teaches concepts, creates hands-on micro-tasks, evaluates your answers, and schedules spaced repetition reviews to lock knowledge into long-term memory β all in your preferred Indian language.
| Problem | Solution |
|---|---|
| TryHackMe / HackTheBox costs $14/month | Free β you bring your own Groq/OpenRouter key |
| All content is in English | 6 languages β Tamil, Hindi, Telugu, Malayalam, Kannada, English |
| One-size-fits-all curriculum | AI skill assessment β personalized roadmap based on what you actually know |
| Labs need VMs and setup time | Micro-tasks β code analysis, CTFs, log forensics, decode challenges (no VMs!) |
| Learned today, forgotten next week | SM-2 spaced repetition β scheduled reviews at scientifically optimal intervals |
| No guidance on what to learn next | Guru AI β always available, adapts to your level, teaches in your language |
| Have to start from zero every time | 5 curated preset learning paths β jump straight into structured content |
Guru AI asks technical cybersecurity questions in a conversation β no boring MCQs. You explain concepts in your own words and the AI evaluates your depth across 6 domains, then generates a personalized learning roadmap that starts from your actual knowledge gaps.
Skip the assessment and jump straight into structured content. Choose from 5 expert-curated paths:
| Path | Focus | Level |
|---|---|---|
| π Web Hacker | OWASP Top 10, XSS, SQLi, Bug Bounty | Intermediate |
| π Network Defender | Wireshark, firewalls, IDS/IPS, Blue Team ops | Beginner |
| π¦ Malware Analyst | Static/dynamic analysis, reverse engineering, YARA | Advanced |
| π΅οΈ OSINT Investigator | Google dorking, Shodan, social engineering defence | Beginner |
| βοΈ Cloud Security | AWS/GCP misconfigurations, IAM, CloudTrail forensics | Intermediate |
Every completed topic is scheduled for review using the SuperMemo 2 algorithm. Your quiz score at completion sets the initial interval β perfect score means a longer gap before review. The dashboard always surfaces topics due for review, and the ease factor auto-adjusts so topics you struggle with come back sooner.
6 hands-on task types, each taking 2β5 minutes. AI generates AND evaluates:
- Code Analysis β find the vulnerability in a snippet
- Command Challenge β explain this
nmap/tcpdump/curlcommand - Decode/Encode β Base64, Hex, ROT13, JWT β find the flag
- Scenario Response β you see this security alert, what do you do?
- Log Analysis β find the attack in this server/firewall log
- Concept Explain β teach this topic to a complete beginner
Streaming AI chat that generates labs and CTF challenges on demand. Adapts to your tier, teaches in your language, uses Indian cybersecurity context (CERT-In alerts, UPI fraud patterns, UIDAI privacy).
AI-generated capture-the-flag challenges with difficulty scaled to your tier. Earn XP and badges for every solve.
Track your learning journey visually:
- Activity heatmap β 12-week GitHub-style contribution graph
- Domain radar chart β see your strengths across web, network, crypto, reverse engineering
- SM-2 stats β total reviews, average ease factor, average interval
- Progress rings β roadmap completion at a glance
Daily streak tracking with same-day double-count prevention. Five tiers with XP gates:
π₯ Egg (0) β π£ Hatchling (100) β π» Script Kiddie (500) β π₯οΈ Hacker (2000) β π₯ Burn (5000)
Vaathi works offline and can be installed on your phone or desktop. Add to home screen and get review reminders as push notifications when topics are due.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β VAATHI (Next.js SPA) β
β β
β Student's LLM API key β stored in DB, proxied by every route β
β Never exposed to the browser after onboarding β
ββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββΌβββββββββββββββ
βΌ βΌ βΌ
ββββββββββββ ββββββββββββ ββββββββββββββββ
β Phase 1 β β Phase 2 β β Phase 3 β
βAssessmentβ β Learning β β Practice β
β β β β β β
βAI asks β βExplain + β β CTF Arena β
βquestions β βQuiz + β β Dynamic Labs β
βEvaluates β βMicrotasksβ β XP / Badges β
βRoadmap β β βSM-2 β β β β
ββββββββββββ ββββββββββββ ββββββββββββββββ
β
ββββββΌβββββ
βPhase 4 β
βSpaced β
βRepetitionβ
βSM-2 algoβ
βReviews β
βPush β
βNotifs β
βββββββββββ
Database: Turso (libSQL) in production Β· SQLite locally
LLM: Any OpenAI-compatible provider (student's own key)
| Component | Cost | Provider |
|---|---|---|
| LLM API calls | FREE | Student's own Groq / OpenRouter key |
| App hosting | FREE | Vercel Hobby |
| Database | FREE | Turso Starter (9 GB) |
| Push notifications | FREE | Web Push (VAPID) |
| Total | $0 | β |
| Provider | Free? | Best For | Get Key |
|---|---|---|---|
| Groq | β Free tier | Speed β Llama 3.3 70B in <1s | console.groq.com |
| OpenRouter | β Free models | Variety β Claude, GPT-4o, Gemini | openrouter.ai |
| Together AI | β Trial credits | Open-source models | together.ai |
| OpenAI | β Paid | GPT-4o quality | platform.openai.com |
| Ollama | β Local | Air-gapped / private use | ollama pull llama3 |
| Custom | Varies | Any OpenAI-compatible endpoint | Your own URL |
Recommendation: Start with Groq β instant signup, no credit card, fast inference.
git clone https://github.com/bb1nfosec/vaathi.git
cd vaathi
npm install
bash deploy.shThe script automatically:
- Checks prerequisites (Node.js 18+, npm, git)
- Installs Turso CLI + Vercel CLI if needed
- Signs you into Turso (browser-based β no passwords typed)
- Creates a free Turso database and runs the schema
- Deploys to Vercel with all environment variables set
- Prints your live URL
Requirements: Node.js 18+, npm, git, GitHub account, Turso account (free, created during setup)
# 1. Clone
git clone https://github.com/bb1nfosec/vaathi.git
cd vaathi
# 2. Install
npm install
# 3. Environment
cp .env.example .env
# Edit .env β set DATABASE_URL=file:./db/dev.db (already the default)
# 4. Database
npx prisma db push
# 5. Start
npm run devnpm run dev # Dev server with hot reload
npm run build # Production build
npm run lint # ESLint
npm run db:push # Push schema to DB
npm run db:generate # Regenerate Prisma client after schema changes
npm run db:reset # Wipe all data (destructive)If you prefer step-by-step over deploy.sh:
Step 1 β Create Turso database
npm install -g turso
turso auth login
turso db create vaathi
turso db show vaathi --url # copy this
turso auth api-tokens create vaathi # copy thisStep 2 β Push schema
TURSO_AUTH_TOKEN=your-token DATABASE_URL="libsql://vaathi-your-org.turso.io" npx prisma db pushStep 3 β Deploy to Vercel
- Import your fork at vercel.com/new
- Add these environment variables:
| Variable | Value |
|---|---|
DATABASE_URL |
libsql://vaathi-your-org.turso.io |
TURSO_AUTH_TOKEN |
your Turso token |
NEXTAUTH_SECRET |
openssl rand -base64 32 |
NEXTAUTH_URL |
https://your-app.vercel.app |
GITHUB_CLIENT_ID |
(optional) GitHub OAuth App client ID |
GITHUB_CLIENT_SECRET |
(optional) GitHub OAuth App secret |
VAPID_PUBLIC_KEY |
(optional) npx web-push generate-vapid-keys |
VAPID_PRIVATE_KEY |
(optional) from same command |
VAPID_EMAIL |
(optional) your contact email |
Only
DATABASE_URLandTURSO_AUTH_TOKENare required. Everything else enables optional features.
Step 4 β Deploy and Vaathi is live.
"Start Hacking!" button doesn't respond on Vercel
Visit /api/health on your Vercel URL. It reports which env vars are missing and whether the Turso connection is healthy. The most common cause is an expired Turso auth token β regenerate it at turso.tech and update it in Vercel dashboard β Settings β Environment Variables.
Schema errors on existing Turso databases
Vaathi automatically runs ALTER TABLE ADD COLUMN migrations on every cold start to fill in any columns added after your initial deployment. If you see schema errors, try redeploying to trigger a fresh cold start.
LLM not responding
Check your API key in Profile β LLM Settings. Test the key directly with the provider's playground. Ensure the model name matches exactly what the provider lists.
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (App Router, React 19) |
| Language | TypeScript 5 |
| Styling | Tailwind CSS 4, shadcn/ui, Framer Motion |
| State | Zustand |
| Database | Prisma ORM + SQLite (local) / Turso libSQL (production) |
| Auth | NextAuth v4 (optional β GitHub & Google OAuth) |
| LLM | Any OpenAI-compatible provider via BYOLLM |
| Spaced Repetition | SuperMemo 2 (SM-2) algorithm |
| PWA | Web Push API, Service Worker, Web App Manifest |
| Deployment | Vercel + Turso (both free tier) |
src/
βββ app/
β βββ api/
β β βββ assessment/ # Streaming skill assessment + roadmap generation
β β βββ guru/ # Streaming LLM proxy for chat
β β βββ topic-learn/ # Explain / quiz / microtask / SM-2 complete / review
β β βββ roadmap/ # Load user roadmap with SM-2 fields
β β βββ profile/ # Create / update user (API key never returned in GET)
β β βββ presets/ # Apply a curated learning path
β β βββ analytics/ # Domain stats, activity heatmap, SM-2 metrics
β β βββ ctf/submit/ # Validate flag, award XP / badges
β β βββ labs/complete/ # Record lab completion
β β βββ push/ # VAPID push subscription management
β β βββ cron/reviews/ # Daily reminder cron (Vercel Cron, 9am UTC)
β β βββ auth/ # NextAuth (optional GitHub / Google OAuth)
β β βββ health/ # DB connectivity check for diagnostics
β βββ page.tsx # Single-page app β all views rendered here
βββ components/vaathi/ # Feature views: dashboard, roadmap, topic-learn, β¦
βββ store/vaathi-store.ts # Zustand store β single source of truth
βββ lib/
βββ db.ts # Prisma client + ensureSchema + ALTER TABLE migrations
βββ presets.ts # 5 curated learning path definitions
Pull requests are welcome. Priority areas:
- New micro-task types β more variety in hands-on challenges
- Language improvements β better Tamil/Hindi/Telugu/Malayalam/Kannada prompts
- New preset paths β e.g. Forensics Investigator, Mobile Security
- Curriculum suggestions β better topic ordering and descriptions
- UI/UX polish β animations, mobile responsiveness
# Fork β branch β build β PR
git checkout -b feature/your-feature
# make your changes
git push origin feature/your-feature
# open PR on GitHubMIT β free forever, open always.
Made with π for India's cybersecurity future.
If Vaathi helped you learn something new, leave a β β it helps others find it.