Why we rehearse deploys before teaching auth magic

We keep the first sprint boring on purpose. Learners wire health checks, note where logs land, and practice reading a failed deploy without guessing. That groundwork pays off when authentication and policies arrive, because people already know how to trace a request.

The second block explains how we mirror production constraints in the classroom. We cap background workers, inject slow queries on purpose, and rehearse turning a feature flag off. None of that is glamorous copy for a landing page, but it is what working teams expect when a new engineer opens a pull request.

By the third week, authentication becomes a story about risk: which sessions invalidate when passwords rotate, how remember-me cookies differ from API tokens, and why rate limits belong next to login routes. Learners keep a short decision journal so they can explain trade-offs aloud—something interview loops increasingly ask for.

We end with a retrospective that is intentionally blunt. Participants list what they would delete from the template repo and what they would keep for their next job. Instructors respond with annotated diffs rather than speeches, because that is closer to how feedback arrives in operational teams.