zhongwei/gh-timurkhakhalev-cc-plugins-steerings-generator-cc-skill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a91a875f01b46a50b180942051e09a225307e45e
gh-timurkhakhalev-cc-plugin…/skills/steerings-generator/interview-packs.md
Zhongwei Li a91a875f01 Initial commit
2025-11-30 09:02:04 +08:00

5.2 KiB
Raw Blame History

🧠 Interview Questions Pack

Purpose: structured interviews to elicit tacit development rules that later become steerings/ documents. Audience: senior engineers, leads, or architects who already maintain part of the repo and its delivery flow.

1. Codebase Topology & Ownership

Goal: clarify how the repo is organized, what "ownership" means, and when to reuse vs. create new code.

  • Where do shared types, schemas, and business logic live?
  • What files or directories are considered "do-not-touch" zones?
  • When is it acceptable to add a new module vs. reuse an existing one?
  • How do you decide ownership of a package or folder?
  • What are the boundaries for editing shared libraries or common utilities?
  • How do versioning and workspace:* dependencies affect this structure?

2. Architecture & Design Invariants

Goal: surface the invisible structure that keeps the system stable.

  • What architectural layering patterns are enforced (controller/service/repo, hexagonal, CQRS, etc.)?
  • Which dependency directions are allowed or forbidden?
  • What naming or import alias rules exist (@core/*, @features/*, etc.)?
  • What design patterns are mandatory or discouraged (events vs. sync calls, DTOs, decorators)?
  • What are your caching, concurrency, or idempotency expectations?
  • How do you define acceptable performance budgets (latency, memory, N+1 queries)?
  • What are the conventions for APIs (REST, GraphQL, gRPC) and versioning/compatibility?

3. Business Domain Contracts

Goal: capture business logic invariants that constrain code behavior.

  • What are the key domain entities and their invariants?
  • How are permissions, roles, and entitlements enforced?
  • Are there licensing tiers or feature flags that affect code paths?
  • What money-handling or compliance rules shape the design (audit logs, consent, retention)?
  • Are there region-specific or client-specific quirks?
  • What are the naming or event rules for domain models?

4. Quality & Style Assurance

Goal: uncover what "high-quality" and "mergeable" mean in this context.

  • What naming, formatting, and readability standards are non-negotiable?
  • What must be true before merging a PR ("Definition of Done")?
  • How do you enforce dependency discipline (adding/removing libs)?
  • What are the rules for logging, error handling, and observability?
  • What steps are included in a quality check (pnpm qc, lint, type-check, tests)?
  • What are examples of commits or PRs that would be rejected outright?

5. Testing & Verification Strategy

Goal: understand how the team proves code correctness and stability.

  • What test types are required for each layer (unit, integration, e2e, contract)?
  • How are test folders and fixtures structured?
  • What is your coverage target or philosophy (e.g. 70% meaningful coverage vs. 100%)?
  • How do you treat flaky or brittle tests?
  • What are "known fragile" modules or flows that require extra attention?
  • How are test data and mocks handled (real DB, Docker, fake API, etc.)?

6. Risk & Historical Landmines

Goal: map the organization's collective memory of past failures.

  • What modules or flows are risky or easy to break?
  • What parts of the system "look wrong but are intentional"?
  • Are there legacy shims, vendor workarounds, or design debts everyone should know?
  • Which incidents led to new "never again" rules?
  • What kind of changes are considered dangerous or need special review?

7. Security, Data & Compliance

Goal: surface hidden security expectations that engineers internalize but rarely document.

  • What are the authentication/authorization boundaries?
  • How should secrets and tokens be stored and accessed?
  • What patterns are unsafe (direct DB access, unvalidated inputs, inline secrets)?
  • How is PII or PHI classified and protected?
  • What redaction or anonymization rules apply to logs and metrics?
  • What are allowed inbound/outbound service communications?
  • How are incidents, breaches, or audit events handled?

8. Delivery Lifecycle & Change Flow

Goal: make implicit shipping rules explicit.

  • What is the preferred branching model and commit message format?
  • How should PR templates and changelogs be filled out?
  • What artifacts are required for a feature (migration plan, rollout doc, flag plan)?
  • What is the usual rollout → canary → rollback flow?
  • How is configuration managed (.env → validated config → injected)?
  • What approvals or sign-offs are required before deploy?

📘 Outcome Mapping

Each interview section contributes to a steering document:

Interview Section Derived Steering
Codebase Topology & Ownership steerings/code-ownership.md
Architecture & Design Invariants steerings/architecture-invariants.md
Business Domain Contracts steerings/domain-invariants.md
Quality & Style Assurance steerings/quality-and-style.md
Testing & Verification Strategy steerings/testing-strategy.md
Risk & Historical Landmines steerings/risk-registry.md
Security, Data & Compliance steerings/security-and-compliance.md
Delivery Lifecycle & Change Flow steerings/delivery-lifecycle.md
Reference in New Issue View Git Blame Copy Permalink