A career decision and execution system for early-career professionals. PathPilot helps users understand their real strengths, recommends exactly 3 realistic career paths, and provides a concrete 7-day action plan.
This is not a resume builder. It's a tool that reduces career confusion and turns overwhelm into clear, actionable steps.
- Next.js 16 (App Router) + TypeScript
- Tailwind CSS + shadcn/ui
- Supabase — Auth, Postgres, Storage
- OpenAI API (GPT-4o) via Vercel AI SDK
- Zod for validation
- React Hook Form for forms
- pdf-parse for PDF text extraction
- Framer Motion for transitions
- Node.js 18+
- npm
- A Supabase project
- An OpenAI API key
git clone <repo-url>
cd pathpilot
npm installCopy the example env file:
cp .env.local.example .env.localFill in your values:
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
OPENAI_API_KEY=sk-your-openai-key
Run the migration SQL in your Supabase SQL editor:
# The migration file is at:
supabase/migrations/001_initial.sqlThis creates:
profilestable with auto-creation trigger on signupanalysestable for storing career analysesanalysis_feedbacktable for user feedback- Row-Level Security policies on all tables
- Required indexes
Storage setup:
- Go to Supabase Dashboard > Storage
- Create a new bucket called
cv-uploads - Set it to private
- Add a storage policy: authenticated users can upload to and read from the bucket
Auth setup:
- Go to Supabase Dashboard > Authentication > Settings
- Enable Email/Password sign-in
- Set the Site URL to your deployment URL (e.g.,
http://localhost:3000for local dev)
npm run devOpen http://localhost:3000.
- Sign up with email and password
- Upload your CV (PDF) or paste CV text
- Answer 10 guided questions about work style, priorities, and constraints
- Get your analysis — the AI returns:
- A personal summary
- Top 3 strengths with evidence
- 3 realistic career paths with fit scores
- Roles to avoid
- A concrete 7-day action plan
- CV bullet rewrites
- Revisit past analyses from your dashboard
- Push your code to GitHub
- Import the repository in Vercel
- Add the environment variables from
.env.local.example - Deploy
Important: The OpenAI analysis call takes 15-30 seconds. On Vercel Pro, the default function timeout is 60 seconds which is sufficient. On Vercel Hobby (10s timeout), the async pattern handles this gracefully — the API returns immediately and the client polls for results.
src/
app/
(marketing)/page.tsx — Landing page
(auth)/login, signup — Auth pages
(app)/dashboard — Analysis history
(app)/new — CV upload + questionnaire wizard
(app)/analysis/[id] — Results page
api/analyze/ — Analysis API routes
components/
analysis/ — Results section components
forms/ — Form components
layout/ — App header
ui/ — shadcn/ui components
lib/
supabase/ — Supabase client setup
schemas.ts — Zod validation schemas
prompts.ts — AI system prompt + builder
openai.ts — OpenAI client setup
pdf.ts — PDF text extraction
constants.ts — Question definitions
This repo ships with a gitleaks pre-commit hook that blocks any commit containing a JWT, OpenAI key, or other secret. Config lives at .gitleaks.toml; the hook itself is in scripts/hooks/.
After cloning, every contributor must do two things:
1. Install gitleaks
- macOS:
brew install gitleaks - Linux: download the latest binary from https://github.com/gitleaks/gitleaks/releases/latest and place it on
PATH - Windows:
- Download
gitleaks_x.y.z_windows_x64.zipfrom https://github.com/gitleaks/gitleaks/releases/latest - Extract
gitleaks.exetoC:\tools\gitleaks.exe - Add
C:\toolsto your PATH (System Properties → Environment Variables → Path → New) - Open a fresh terminal and run
gitleaks versionto confirm
- Download
2. Point git at the versioned hooks directory
git config core.hooksPath scripts/hooksThat makes scripts/hooks/pre-commit (POSIX, used by Git Bash on Windows) run on every commit. A pre-commit.bat is included as a fallback for setups that invoke hooks through cmd.exe directly.
To bypass the hook in an emergency (not recommended): git commit --no-verify.
- PDF parsing: Uses
pdf-parsev2 for server-side text extraction. Scanned/image PDFs won't extract text — users should paste text instead. - OpenAI model: Defaults to
gpt-4o. SetOPENAI_MODELenv var to use a different model (e.g.,gpt-4o-minifor lower cost). - Rate limiting: Not implemented in MVP. Consider adding for production use.