# RateRight - Candidate Codebase Access Guide

## Where Candidates Can See the Structure & Code

### 1. Primary Documentation Sources

**README.md (Root Level)**
- Main project overview
- Technology stack explanation
- Setup instructions
- Architecture overview

**3.7 Evidence Archive/ (Comprehensive Documentation)**
- `SYSTEM_MAP.md` - Complete system architecture
- `README_Developer_Onboarding.md` - Developer onboarding guide
- `MASTER_INDEX.md` - Complete feature inventory
- `Features/*/CURRENT_STATE.md` - Individual feature documentation

### 2. Code Structure Overview Files

**Key Architecture Files Candidates Should See:**
```
├── app/
│   ├── __init__.py              # Flask app initialization
│   ├── routes.py                # Main routes
│   ├── models/                  # Database models (29 tables)
│   ├── blueprints/              # 6 Flask blueprints
│   │   ├── auth/
│   │   ├── contracts/
│   │   ├── marketplace/
│   │   ├── payments/
│   │   ├── legal/
│   │   └── messages/
│   ├── services/                # Business logic services
│   ├── templates/               # HTML templates
│   └── static/                  # CSS/JS assets
├── migrations/                  # Database migrations
├── requirements.txt             # Python dependencies
├── fly.toml                     # Deployment config
└── run.py                       # Application entry point
```

### 3. For Practical Assessment - Create a Candidate Package

**Option A: GitHub Repository Access**
- Add candidate as temporary collaborator
- Give read-only access for 48-72 hours
- Remove access after assessment

**Option B: Sanitized Codebase Package**
- Create ZIP with core files (minus secrets)
- Include representative samples of broken endpoints
- Provide specific debugging scenario

### 4. Interview Assessment Kit

**Files to Show Candidates:**
1. **app/blueprints/auth/routes.py** - Shows Flask patterns
2. **app/models/user.py** - Database relationship examples
3. **Sample broken endpoint** - For debugging assessment
4. **requirements.txt** - Technology stack verification
5. **3.7 Evidence Archive/SYSTEM_MAP.md** - Overall architecture

### 5. Recommended Candidate Access Process

**Step 1: Initial Review (30 mins)**
- Send SYSTEM_MAP.md and README.md
- Let them review architecture before technical interview

**Step 2: Technical Interview (1 hour)**
- Screen share specific files during interview
- Show actual error logs from broken endpoints
- Walk through Flask blueprint structure

**Step 3: Practical Assessment (2-3 hours)**
- Provide sanitized codebase subset
- Give specific broken endpoint to debug
- Ask for written solution approach

### 6. What Candidates Will See

**Technology Stack Evidence:**
- Flask 2.3.3 in requirements.txt
- SQLAlchemy ORM in app/models/
- Bootstrap 5 in templates
- PostgreSQL in production config
- 29 database tables with relationships

**Architecture Patterns:**
- Blueprint-based organization (6 blueprints)
- Service layer in app/services/
- Template inheritance in app/templates/
- Migration system in migrations/

**Complexity Level:**
- ~87% functional (from forensic analysis)
- 14 broken endpoints (mostly auth/validation)
- Google Calendar integration (partial)
- Stripe payment system (working)
- Australian business compliance features

### 7. Security Considerations

**Never Share:**
- .env files with secrets
- Production database credentials
- API keys or tokens
- User data or real content

**Safe to Share:**
- Code structure and patterns
- Sanitized configuration examples
- Test data and sample endpoints
- Documentation and architecture files

### 8. Candidate Evaluation Questions

After they review the code:

**Architecture Questions:**
- "What Flask patterns do you see being used?"
- "How is the database layer organized?"
- "What would be your debugging approach for the auth issues?"

**Practical Questions:**
- "Which blueprint would you start with for fixing the 14 broken endpoints?"
- "How would you approach testing your fixes?"
- "What concerns do you have about the current structure?"

### 9. Access Timeline

**Before Interview:** README.md + SYSTEM_MAP.md (basic overview)
**During Interview:** Live code review (specific files)
**Practical Assessment:** Sanitized codebase subset (2-3 days access)
**Post-Interview:** Remove all access within 24 hours

### 10. Legal Protection

**Include in Access Agreement:**
- Non-disclosure terms
- No code copying/distribution
- Limited time access only
- Return/delete all materials after assessment

This approach gives candidates meaningful insight into your codebase while protecting your intellectual property and sensitive data.