@vibe-interviewing/scenarios 0.1.0
- package/README.md +13 -0
- package/index.d.ts +2 -0
- package/index.js +7 -0
- package/package.json +21 -0
- package/rate-limiter-boundary/scenario.yaml +71 -0
- package/registry.yaml +7 -0
package/README.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# @vibe-interviewing/scenarios
|
|
2
|
+
|
|
3
|
+
Built-in interview scenarios for [vibe-interviewing](https://github.com/cpaczek/vibe-interviewing).
|
|
4
|
+
|
|
5
|
+
## Available Scenarios
|
|
6
|
+
|
|
7
|
+
| Scenario | Difficulty | Time | Description |
|
|
8
|
+
| ----------------------- | ---------- | ------- | -------------------------------------------------------------------------------- |
|
|
9
|
+
| `rate-limiter-boundary` | Medium | ~30-45m | Off-by-one in express-rate-limit's sliding window lets one extra request through |
|
|
10
|
+
|
|
11
|
+
## Creating Custom Scenarios
|
|
12
|
+
|
|
13
|
+
Use the `/create-scenario` skill in Claude Code, or see the [main README](../../README.md#creating-custom-scenarios) for manual setup instructions.
|
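Review bot: The `[main README](../../README.md#creating-custom-scenarios)` link on the last added line is relative to the monorepo layout (`packages/scenarios`), so it points outside the package root and will not resolve when this README is rendered from the published tarball. Replace it with an absolute link into https://github.com/cpaczek/vibe-interviewing so the manual setup instructions stay reachable from the registry page.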
package/index.d.ts
ADDED
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@vibe-interviewing/scenarios",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Built-in interview scenarios for vibe-interviewing",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "./index.js",
|
|
7
|
+
"types": "./index.d.ts",
|
|
8
|
+
"files": [
|
|
9
|
+
"index.js",
|
|
10
|
+
"index.d.ts",
|
|
11
|
+
"registry.yaml",
|
|
12
|
+
"rate-limiter-boundary/"
|
|
13
|
+
],
|
|
14
|
+
"scripts": {},
|
|
15
|
+
"license": "MIT",
|
|
16
|
+
"repository": {
|
|
17
|
+
"type": "git",
|
|
18
|
+
"url": "https://github.com/cpaczek/vibe-interviewing.git",
|
|
19
|
+
"directory": "packages/scenarios"
|
|
20
|
+
}
|
|
21
|
+
}
|
|
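Review bot: The `"files"` array names the single scenario directory `rate-limiter-boundary/` explicitly, so a scenario added later to registry.yaml will be missing from the published tarball unless this list is extended at the same time. Put scenarios under one parent directory (or use a glob) so the whitelist does not need a per-scenario edit; the empty `"scripts": {}` entry can also be dropped.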
@@ -0,0 +1,71 @@
|
|
|
1
|
+
name: rate-limiter-boundary
|
|
2
|
+
description: "Off-by-one in express-rate-limit's sliding window lets one extra request through"
|
|
3
|
+
difficulty: medium
|
|
4
|
+
estimated_time: '30-45m'
|
|
5
|
+
tags:
|
|
6
|
+
- node
|
|
7
|
+
- express
|
|
8
|
+
- middleware
|
|
9
|
+
- rate-limiting
|
|
10
|
+
- off-by-one
|
|
11
|
+
|
|
12
|
+
repo: 'https://github.com/express-rate-limit/express-rate-limit'
|
|
13
|
+
commit: '4e8b18bf972eff2890ed67bd11d8a08a2c6502d5'
|
|
14
|
+
|
|
15
|
+
setup:
|
|
16
|
+
- 'npm install --ignore-scripts'
|
|
17
|
+
|
|
18
|
+
patch:
|
|
19
|
+
- file: 'source/rate-limit.ts'
|
|
20
|
+
find: 'if (totalHits > limit) {'
|
|
21
|
+
replace: 'if (totalHits > limit + 1) {'
|
|
22
|
+
|
|
23
|
+
briefing: |
|
|
24
|
+
Hey — we're getting reports from a few customers that our rate limiting isn't working correctly. They're saying they can make one more request than the configured limit before getting a 429.
|
|
25
|
+
|
|
26
|
+
For example, if the limit is set to 5, clients can make 6 successful requests before being blocked. It's not a huge deal but it's inconsistent and a couple of enterprise customers have flagged it in their security audits.
|
|
27
|
+
|
|
28
|
+
We're using express-rate-limit. I've already cloned the repo and set it up locally — can you dig into the source and figure out what's going on?
|
|
29
|
+
|
|
30
|
+
To run the tests: `npx jest --no-coverage`
|
|
31
|
+
|
|
32
|
+
The main source is in `source/` and tests are in `test/library/`. Good luck!
|
|
33
|
+
|
|
34
|
+
ai_rules:
|
|
35
|
+
role: |
|
|
36
|
+
You are a senior engineer helping a candidate debug an off-by-one error
|
|
37
|
+
in the express-rate-limit middleware. Act as a patient but not overly
|
|
38
|
+
helpful colleague — you're available for questions but you don't
|
|
39
|
+
volunteer the answer.
|
|
40
|
+
rules:
|
|
41
|
+
- 'Never reveal the exact location or nature of the bug directly'
|
|
42
|
+
- 'If asked, confirm whether the candidate is looking in the right area'
|
|
43
|
+
- 'Encourage the candidate to write or run tests to reproduce the issue'
|
|
44
|
+
- 'If the candidate is stuck for more than 10 minutes, suggest looking at where totalHits is compared to the limit'
|
|
45
|
+
- 'Praise good debugging methodology (reading tests, adding logging, bisecting)'
|
|
46
|
+
knowledge: |
|
|
47
|
+
The bug is on line 507 of source/rate-limit.ts. The comparison
|
|
48
|
+
`if (totalHits > limit)` was changed to `if (totalHits > limit + 1)`.
|
|
49
|
+
This means the rate limiter allows limit+1 requests instead of limit
|
|
50
|
+
requests before returning 429. The fix is to change it back to
|
|
51
|
+
`if (totalHits > limit)`.
|
|
52
|
+
|
|
53
|
+
solution: |
|
|
54
|
+
In source/rate-limit.ts line 507, change:
|
|
55
|
+
`if (totalHits > limit + 1) {`
|
|
56
|
+
back to:
|
|
57
|
+
`if (totalHits > limit) {`
|
|
58
|
+
|
|
59
|
+
The off-by-one was introduced by adding `+ 1` to the limit comparison,
|
|
60
|
+
allowing one extra request through before rate limiting kicks in.
|
|
61
|
+
|
|
62
|
+
evaluation:
|
|
63
|
+
criteria:
|
|
64
|
+
- 'Identified the bug location in source/rate-limit.ts'
|
|
65
|
+
- 'Understood the off-by-one nature of the bug'
|
|
66
|
+
- 'Used tests or manual testing to reproduce the issue'
|
|
67
|
+
- 'Applied the correct fix'
|
|
68
|
+
- 'Used AI effectively as a debugging partner'
|
|
69
|
+
expected_fix: 'Change `totalHits > limit + 1` back to `totalHits > limit`'
|
|
70
|
+
|
|
71
|
+
license: MIT
|
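Review bot: The `patch` entry is a bare string find/replace on `if (totalHits > limit) {` with no occurrence count or line anchor, while `knowledge` and `solution` both hard-code line 507 of source/rate-limit.ts; if that string is absent or occurs more than once at the pinned commit, the scenario either runs without the bug or with the bug somewhere the answer key does not describe. Have the loader fail unless `find` matches exactly once, and drop the line number from the answer text or derive it from the applied patch. Separately, the workspace is a clone of a public repo at a known `commit`, so the injected change shows up in `git diff` unless the runner commits it or removes the history, and the `knowledge` block is protected only by the 'Never reveal the exact location or nature of the bug directly' rule; either handle both in the runner or document them as accepted limits of the exercise.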
package/registry.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
scenarios:
|
|
2
|
+
- name: rate-limiter-boundary
|
|
3
|
+
description: "Off-by-one in express-rate-limit's sliding window lets one extra request through"
|
|
4
|
+
difficulty: medium
|
|
5
|
+
estimated_time: '30-45m'
|
|
6
|
+
repo: 'https://github.com/express-rate-limit/express-rate-limit'
|
|
7
|
+
commit: '4e8b18bf972eff2890ed67bd11d8a08a2c6502d5'
|
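Review bot: Every field under `- name: rate-limiter-boundary` other than the name repeats a value already set in rate-limiter-boundary/scenario.yaml (`description`, `difficulty`, `estimated_time`, `repo`, `commit`), so the two files can drift, and a mismatch on `commit` would make the index advertise a different revision from the one the scenario patches. Generate registry.yaml from the scenario files at build time, or keep only `name` here and read the remaining fields from scenario.yaml.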