Ways of Working

v5.0 -- March 2026

Standards, processes, and methodologies that govern how the F7 platform transformation is executed. Every team follows these guidelines to ensure consistency, quality, and alignment across all domains. This page is the engineering source of truth -- if it is not documented here, it is not policy.

16 Core Principles

Non-negotiable engineering principles that apply to every team, every sprint, and every deliverable.

P1AI-First

Every engineering workflow starts with AI tooling. Claude CLI, MCP stack, and multi-agent workflows are the default, not optional.

P2Spec-First + EARS

No implementation without an approved, locked spec. All functional requirements written in EARS syntax.

P3Data First

Data Models -> Event Schemas -> API Contracts -> DB Schema. Each step approved before next.

P4Shadow Before Cut

Every migration deploys the Shadow Data Consumer pattern. Parity validated at 99.9%+ for 2 consecutive weeks before cutover.

P5Domain Ownership

Each domain owns its data, APIs, and events. No shared databases. No cross-service DB access.

P6Event-Driven by Default

Cross-domain state changes flow through Kafka events. Synchronous HTTP only within a bounded context.

P7Single Source of Truth

One service owns each entity. Other services consume via ECST projections, never direct DB queries.

P8Auth at the Gateway

Gateway-level JWT validation only. Internal services trust downstream headers injected by Kong. No peer-to-peer auth.

P9Infrastructure as Code

All gateway config, routing rules, and platform infra managed via IaC. No manual changes.

P10Design for Failure

Circuit breakers, retries with exponential backoff, graceful degradation, and DLQ handling are mandatory.

P11Backward Compatibility

New fields optional. Breaking changes require new API version, 2-week deprecation minimum, and Architecture Committee approval.

P12Observability First

Two-stack observability: DataDog for API/APM/SLOs, Prometheus/Grafana for Kafka lag and ECST projections.

P13Security by Default

Secrets in AWS Secrets Manager. No hardcoded credentials. Security scanning in CI pipeline.

P14Dependency-Ordered Delivery

Services built in dependency level order (L0 -> L1 -> L2 -> L3). No jumping ahead.

P15DORA-Aligned Engineering

Target: multiple deploys/week, <1 week lead time, <1 hour MTTR, <5% change failure rate.

P16Thick Event Payload (ECST)

Events carry full entity state. Consumers build local projections. No callback queries to source service.

5 Engineering Phases (Gated)

Every domain progresses through five sequential phases. Each phase has a gate -- you cannot enter the next phase until the current phase's Definition of Done is met.

P0Prerequisites (P0 Gate)

P1Data First

P2Shadow Data Consumer

P3Implement Features

P4Strangler Fig

P0 Gate Deliverables

Six mandatory artifacts per domain. All must be approved before any engineering work begins. The P0 Gate deadline is April 16, 2026.

AServices Specification

Per domain: service name, purpose, entities owned vs consumed, SLO targets

BCore Domain Boundaries

Bounded context map, entity ownership matrix, ubiquitous language glossary, ACL boundary definitions

CFeature Dependencies

Dependency levels 0-3, event dependency matrix, API dependency matrix

DServices Priority

P1/P2/P3 tiers, target sprint assignment, dependency-ordered implementation sequence

EAPIs Catalog

OpenAPI YAML for all endpoints, DTOs, rate limits, SLO definitions

FEvents Catalog

AsyncAPI YAML for all event types, thick payload schemas, subscriber list, throughput estimates

Data-First Pipeline

Phase 1 follows a strict sequential pipeline. Each step requires approval before the next can begin. This ensures contracts are defined before implementation.

Three Required Inputs for Every Spec

PRD

Business requirements, user stories, acceptance criteria from Product team.

Highest-Scoring Legacy Codebase

Product Feature Scoring Matrix: each feature scored RMS vs Online. Higher score = reference codebase. Within 2 points = ADR + Architecture Committee approval required.

Architecture Standards

F7 architectural standards, patterns, and conventions as defined by the Architecture Committee.

Data Models

Entities, relationships, ownership

Event Schemas

Thick payload, AsyncAPI

API Contracts

DTOs, OpenAPI

DB Schema

ECST + outbox tables

Each step requires approval before proceeding. Specs must be approved and locked before implementation begins.

EARS Requirement Patterns

All F7 functional requirements are written using the Easy Approach to Requirements Syntax (EARS). Six patterns eliminate ambiguity and ensure testability.

Ubiquitous

The <system> shall <action>.

The Order Service shall assign a unique identifier to every new order.

Event-Driven

When <trigger>, the <system> shall <response>.

When a payment is confirmed, the Order Service shall transition the order status to "paid" and publish an OrderPaid event.

Unwanted Behaviour

If <condition>, the <system> shall <response>.

If a payment gateway timeout occurs, the Order Service shall retry the payment request up to 3 times with exponential backoff.

State-Driven

While <state>, the <system> shall <action>.

While the inventory count is below the reorder threshold, the Inventory Service shall display a low-stock alert on the dashboard.

Optional Feature

Where <feature included>, the <system> shall <action>.

Where loyalty points are enabled for the business, the Guest Experience Service shall calculate and award points for each completed order.

Complex

While <state>, when <trigger>, if <condition>, the <system> shall <action>.

While the kitchen is in rush-hour mode, when a new order is received, if the estimated prep time exceeds 20 minutes, the Order Service shall notify the guest of the delay.

AI-First Engineering

AI tooling is the default for every engineering workflow. The required MCP stack, multi-agent workflow, and confirmation protocol are mandatory.

Required MCP Stack

Context7Sequential ThinkingMemoryEARS Patternsdraw.ioScored CodebasePRDEvent Schema RegistryDB SchemaIaC

Multi-Agent Workflow

Spec Agent

Generates EARS requirements from PRD + legacy analysis

Architecture Agent

Produces draw.io diagrams, validates domain boundaries

Data Agent

Defines data models, event schemas, API contracts, DB schemas

Code Agent

Implements services after confirmation protocol is satisfied

Test Agent

Generates unit, integration, contract, and load tests

Review Agent

Performs code review against architecture standards

Docs Agent

Generates and maintains API documentation and runbooks

Confirmation-Before-Code Protocol

No Code Agent proceeds without explicit engineer approval. The sequence is mandatory:

Architecture Agent generates draw.io diagram

AI declares understanding

AI lists assumptions

AI requests confirmation

Engineer approves

Code Agent proceeds

Parallel Execution Plan

Teams execute in dependency order. Phase 1 (Data First) runs in parallel across all levels. Phase 3 (Implement) follows dependency ordering. 2-week sprint cadence.

Level	Domains	Phase 1	Phase 2	Phase 3	Note
L0	Menu, Inventory	S1-S4	S5-S6	S7-S10	Start Phase 1 immediately after P0
L1	Order	S1-S4	S5-S6	S11-S14	Phase 1 parallel, Phase 3 after L0 done
L2	CRM, BizOps	S1-S4	S5-S6	S15-S18	Phase 1 parallel, Phase 3 after L1 done
L3	Channels (POS, Table, Integrations)	S1-S4	S5-S6	S19-S22	Phase 1 parallel, Phase 3 last
Platform	Platform Engineering	Always	Always	Always	Enabling track, always parallel

Sprint Cadence (2-week sprints)

S1 -- S4

All families Phase 1 in parallel

S5 -- S6

L0 enters Phase 2

S7 -- S10

L0 enters Phase 3

S11 -- S22

L1, L2, L3 enter Phase 3 sequentially

Testing Strategy

Test scope expands with dependency level. Higher levels test against all lower levels to validate end-to-end integration.

Own service only

Unit >= 80%, 100% for financial/critical/ECST

ECST handler unit tests, projection integration tests, staleness tests, schema evolution tests

Own + L0 services

Unit >= 80%, contract tests (Pact) mandatory

Integration tests with L0 dependencies validated

Own + L1 + L0 services

Unit >= 80%, cross-domain integration suite

End-to-end flows across 3 dependency layers

Full platform E2E

Load testing at 2x peak mandatory

Complete channel integration, offline/degraded mode validation

Mandatory Testing Requirements

Unit test coverage >= 80% (100% for financial, critical, and ECST paths)
Contract testing (Pact) mandatory for all cross-service APIs
Load testing at 2x peak mandatory before first production release
ECST-specific: handler unit tests, projection integration tests, staleness tests, schema evolution tests

DORA Metrics & SLOs

Engineering performance targets aligned with DORA research. Service-level objectives vary by restaurant segment.

Deployment Frequency

Multiple / week / family

Lead Time for Changes

< 1 week

Mean Time to Recovery

< 1 hour

Change Failure Rate

< 5%

Service Level Objectives by Segment

Segment	Availability	Latency	Error Rate
QSR (Quick Service)	99.95%	< 200ms p95	< 0.1%
Casual / Fine Dining	99.9%	< 500ms p95	< 0.5%

Definition of Ready

Nothing enters a sprint, service build, or feature release without meeting these readiness criteria. DoR ensures every work item has the specs, approvals, and dependencies resolved before engineering begins.

Definition of Done

Comprehensive DoD criteria exist for every phase and every level of deliverable. Expand each section to see the checklist.

Golden Release Rule

A feature spanning multiple domains releases ONLY when ALL participating domains have completed development, testing, and deployment. No partial cross-domain releases.

Ceremonies

Ceremony	Cadence	Purpose
Sprint Planning	Every 2 weeks	Plan sprint backlog, assign stories, confirm capacity allocation (BAU max 40%, F7 min 60%)
Daily Standup	Daily	Progress, blockers, and dependency callouts within the team
Spec + EARS Review	As needed	Review and approve EARS specifications before implementation begins
Shadow Parity Review	Weekly (Phase 2)	Review data reconciliation results, investigate discrepancies, confirm parity progress
Dependency Review Gate	As needed	Validate cross-domain dependencies are resolved before Phase 3 entry
Sprint Demo	Every 2 weeks	Demonstrate completed work to stakeholders and product owners
Retrospective	Every 2 weeks	Reflect on sprint, identify improvements, adjust processes
Architecture Committee	Bi-weekly	Review LLD submissions, approve designs, resolve architectural decisions. Members: Abdullah, Baraa, Sakr
Monthly Architecture Review	Monthly	Strategic architecture review, cross-domain alignment, standards evolution
Weekly Cross-Family Sync	Weekly	Cross-family synchronization, dependency tracking, blocker escalation

Forbidden Patterns -- Zero Tolerance

Any of the following patterns will block a PR. No exceptions. These are enforced in code review and automated checks.

Shared databases between services

Cross-service direct DB access

Querying source service for business logic (use ECST projections)

Synchronous HTTP for cross-domain state changes

Service-to-service JWT authentication (auth at gateway only)

Hardcoded secrets (use AWS Secrets Manager)

Domain objects exposed as API responses (use DTOs)

Business rules in controllers or data layer

Code before draw.io diagram is approved

Deploy without IaC routing configuration

Implement before P0 deliverables are complete

Breaking changes without Architecture Committee approval

Backward Compatibility Rules

Critical for the Strangler Fig migration -- legacy and F7 must coexist. These rules apply to all API and event schema changes.

New API fields

Optional (additive, non-breaking). No changes to existing consumers.

New required fields

Requires a new API version (/v2/). Cannot be added to existing version.

Removing or renaming fields

Breaking change. Never on existing version. 2-week deprecation minimum.

Kafka event schemas

Same rules as API. New fields optional with defaults. No removals.

URL versioning

Explicit path versioning: /v1/, /v2/. No query-param or header versioning.

Old version maintenance

Maintained for 6+ months minimum after new version ships.

Strangler Fig coexistence

Critical: legacy and F7 must coexist. Both versions must handle traffic simultaneously during migration.

Observability (Two-Stack)

All services must instrument both observability stacks from day one.

DataDog

API and service metrics
APM distributed traces
SLO dashboards
Alerting and on-call routing

Prometheus / Grafana

Kafka consumer lag
Event throughput metrics
DLQ depth monitoring
ECST projection lag