zhongwei/gh-timurkhakhalev-cc-plugins-steerings-generator-cc-skill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 09:02:04 +08:00
commit a91a875f01
7 changed files with 2211 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
skills/steerings-generator/interview-packs.md Normal file
View File

@@ -0,0 +1,126 @@
# 🧠 Interview Questions Pack
> Purpose: structured interviews to elicit tacit development rules that later become `steerings/` documents.
> Audience: senior engineers, leads, or architects who already maintain part of the repo and its delivery flow.
---
## 1. Codebase Topology & Ownership
**Goal:** clarify how the repo is organized, what "ownership" means, and when to reuse vs. create new code.
- Where do shared types, schemas, and business logic live?
- What files or directories are considered "do-not-touch" zones?
- When is it acceptable to add a new module vs. reuse an existing one?
- How do you decide ownership of a package or folder?
- What are the boundaries for editing shared libraries or common utilities?
- How do versioning and `workspace:*` dependencies affect this structure?
---
## 2. Architecture & Design Invariants
**Goal:** surface the invisible structure that keeps the system stable.
- What architectural layering patterns are enforced (controller/service/repo, hexagonal, CQRS, etc.)?
- Which dependency directions are allowed or forbidden?
- What naming or import alias rules exist (`@core/*`, `@features/*`, etc.)?
- What design patterns are mandatory or discouraged (events vs. sync calls, DTOs, decorators)?
- What are your caching, concurrency, or idempotency expectations?
- How do you define acceptable performance budgets (latency, memory, N+1 queries)?
- What are the conventions for APIs (REST, GraphQL, gRPC) and versioning/compatibility?
---
## 3. Business Domain Contracts
**Goal:** capture business logic invariants that constrain code behavior.
- What are the key domain entities and their invariants?
- How are permissions, roles, and entitlements enforced?
- Are there licensing tiers or feature flags that affect code paths?
- What money-handling or compliance rules shape the design (audit logs, consent, retention)?
- Are there region-specific or client-specific quirks?
- What are the naming or event rules for domain models?
---
## 4. Quality & Style Assurance
**Goal:** uncover what "high-quality" and "mergeable" mean in this context.
- What naming, formatting, and readability standards are non-negotiable?
- What must be true before merging a PR ("Definition of Done")?
- How do you enforce dependency discipline (adding/removing libs)?
- What are the rules for logging, error handling, and observability?
- What steps are included in a quality check (`pnpm qc`, lint, type-check, tests)?
- What are examples of commits or PRs that would be rejected outright?
---
## 5. Testing & Verification Strategy
**Goal:** understand how the team proves code correctness and stability.
- What test types are required for each layer (unit, integration, e2e, contract)?
- How are test folders and fixtures structured?
- What is your coverage target or philosophy (e.g. 70% meaningful coverage vs. 100%)?
- How do you treat flaky or brittle tests?
- What are "known fragile" modules or flows that require extra attention?
- How are test data and mocks handled (real DB, Docker, fake API, etc.)?
---
## 6. Risk & Historical Landmines
**Goal:** map the organization's collective memory of past failures.
- What modules or flows are risky or easy to break?
- What parts of the system "look wrong but are intentional"?
- Are there legacy shims, vendor workarounds, or design debts everyone should know?
- Which incidents led to new "never again" rules?
- What kind of changes are considered dangerous or need special review?
---
## 7. Security, Data & Compliance
**Goal:** surface hidden security expectations that engineers internalize but rarely document.
- What are the authentication/authorization boundaries?
- How should secrets and tokens be stored and accessed?
- What patterns are unsafe (direct DB access, unvalidated inputs, inline secrets)?
- How is PII or PHI classified and protected?
- What redaction or anonymization rules apply to logs and metrics?
- What are allowed inbound/outbound service communications?
- How are incidents, breaches, or audit events handled?
---
## 8. Delivery Lifecycle & Change Flow
**Goal:** make implicit shipping rules explicit.
- What is the preferred branching model and commit message format?
- How should PR templates and changelogs be filled out?
- What artifacts are required for a feature (migration plan, rollout doc, flag plan)?
- What is the usual rollout → canary → rollback flow?
- How is configuration managed (`.env` → validated config → injected)?
- What approvals or sign-offs are required before deploy?
---
## 📘 Outcome Mapping
Each interview section contributes to a steering document:
| Interview Section | Derived Steering |
|--------------------|------------------|
| Codebase Topology & Ownership | `steerings/code-ownership.md` |
| Architecture & Design Invariants | `steerings/architecture-invariants.md` |
| Business Domain Contracts | `steerings/domain-invariants.md` |
| Quality & Style Assurance | `steerings/quality-and-style.md` |
| Testing & Verification Strategy | `steerings/testing-strategy.md` |
| Risk & Historical Landmines | `steerings/risk-registry.md` |
| Security, Data & Compliance | `steerings/security-and-compliance.md` |
| Delivery Lifecycle & Change Flow | `steerings/delivery-lifecycle.md` |