_private/qwestly-private-docs/HR/Personnel/dominick.md

Table of Contents

Dominick Pham (last updated 2026-05-29)

Co-founder & CTO at Qwestly. dominick@qwestly.com

Scope: Professional impact, technical contributions, and career trajectory. Personal details omitted โ€” this is the work record.

Company Role

  • Co-founded Qwestly with Adam Boender in early 2025
  • CTO โ€” all technical architecture, engineering, and infrastructure from day one
  • Company raised $855K total; monthly burn ~$40.7K (Feb 2026)

Technical Architecture & Systems Built

Core Platform (Built Solo)

  • Candidate app โ€” full onboarding, profile publishing, Qwestly card generation, networking, admin panel
  • Hire app โ€” company management, job posting, matching, company selection UX
  • Python API โ€” FastAPI backend: prompt invocation, LinkedIn parsing, file upload/download, vector storage, SendGrid integration, MongoDB connections
  • Public site โ€” Next.js landing page, signup flow, analytics (PostHog), cookie handling
  • Qwestly agent โ€” AI agent chat system with tool calling, user memories (vectorized, semantic search), document generation, session management
  • Qwestly internal โ€” dark-mode admin app for user management, change logs, database operations; gated to @qwestly.com

AI & Agent Systems

  • LangGraph multi-agent pipeline โ€” job description analysis, intent identification, document processing
  • Document generation system โ€” LinkedIn profile suggestions, Qwestly cards, profile summaries
  • User memory system โ€” built end-to-end (API + UI + browser-tested) in a single Engineering Excellence demo for $0.06 using DeepSeek Flash
  • Bite-size interview โ€” 5 sub-agents for different value propositions
  • Centralized prompt execution API โ€” api.qwestly.com/api/prompts/invoke for invoking any LangSmith prompt without custom endpoints
  • LinkedIn profile parsing โ€” RapidAPI integration (99% uptime) + LLM-based backup system (GPT-4o-mini, 15-18s, <$0.01/request, 100% success when logged into LinkedIn)
  • Voice interview system โ€” VAPI integration with smart turn detection; currently transitioning to chat-based interface

Performance & Cost Savings

  • Agent pipeline cost reduction: $0.03 โ†’ <$0.001 per module completion call (30x reduction)
  • Agent pipeline speed: 30+ seconds โ†’ <5 seconds per call (6x faster)
  • Skip deploy feature: saves ~1.5 min per unnecessary build across all projects; prevents builds for planning docs and markdown changes
  • Self-testing system: AI agent opens browser, logs in, tests features, verifies MongoDB state โ€” fully automated

Infrastructure & DevOps

  • Qwestly workspace harness โ€” single repo containing all projects; init.sh auto-clones all repos, configures git excludes, sets up development environment; qwestly-app.sh manages all apps as background processes with consolidated logging
  • Proxy/remote dev system โ€” enables development from iPad/tablet via SSH
  • Vercel deployment โ€” configured CI/CD across all projects; preview environments, skip-deploy logic
  • MongoDB Atlas โ€” vector search, BM25 algorithm for title matching, schema migrations
  • Monitoring โ€” PostHog analytics, event tracking, attribution debugging, ad blocker workarounds, latency tracking

Workflow & Productivity Innovation

  • Oh My Pi coding agent โ€” MCP connections to Qwestly docs, Granola, Asana, GitHub CLI; syntax-tree-aware file editing; multi-provider support
  • Automated PR review system โ€” AI reviews PRs across repos, creates inline GitHub comments, generates overall assessments; frees Dom from mechanical review work
  • Autonomous bug-scanning agent (May 2026) โ€” created Qwestly (bot) GitHub App for LLM agents to manage PRs under a bot identity; built reusable skill that autonomously analyzes entire codebases, finds bugs/security issues/improvements, stops at the first real finding, implements the fix, runs code review, updates tests + docs, verifies builds, and creates a properly formatted PR
    • First-day results (May 28โ€“29): 23 PRs across 5 repos
    • 12 bug-scan findings: 2 IDORs, systemic pick() falsy-value bug, async promise cache poison pill, 3 type/schema mismatches, 2 crash/error handling fixes, data integrity issues
    • 6 Dependabot CVE patches (postcss, uuid โ€” required manual overrides for transitive deps)
    • 3 secret exposure fixes โ€” API keys in console.log, Vercel bypass secret in admin response, partial OpenAI/LangSmith keys in debug endpoint; implemented safeMaskKey() (first 4 + last 4 chars)
    • 4 cascading fixes from systemic issues
    • Team members added as PR reviewers; workflow is approve & merge or check out and edit
  • Claude/agent.md โ€” machine-readable architecture docs with auth systems, folder structure, debugging guidelines
  • Custom aliases & tooling โ€” qw for workspace management, ds for DeepSeek, fzf fuzzy finder, zed editor + terminal integration
  • Engineering Excellence sessions โ€” weekly team learning on token optimization, agent workflows, model selection, productivity patterns
  • Planning workflow โ€” PRD โ†’ technical design doc (architectural review) โ†’ implementation doc โ†’ AI implementation; standard templates with API URLs, configurations, payloads
  • YOLO mode โ€” trusted AI implementations with auto-accept on all tool calls; enables autonomous multi-agent parallel development
  • Parallel agent vision โ€” clone repos for concurrent development; standardize post-implementation checks (tests, builds, docs); automate entire buildโ†’testโ†’commitโ†’push cycle

Key Features Delivered

Candidate Networking (Sprint, Aprโ€“May 2026)

  • Full matching pipeline: seeker search โ†’ automated match (3 scenarios: hiring influence, peer, role insider) โ†’ email โ†’ confirmation โ†’ intro
  • MongoDB Atlas BM25 search for title similarity scoring
  • Configurable filters: company, experience range, role type, profile status
  • 3-email sequence with encoded action links (no login required)
  • Admin matching interface with manual override capabilities

Provision Accounts / Recruiting Pilot (Aprโ€“May 2026)

  • Admin pre-provisions candidate accounts with LinkedIn fetch, background notes, interview transcripts
  • All data vectorized for semantic search; used for profile parsing and Qwestly card generation
  • Preferences split: candidate-editable (onboarding) vs recruiter-only (hidden)
  • Claim link system with 7-day expiration; claim flow bypasses normal onboarding
  • 95% feature complete; remaining: email template integration

Onboarding & Data Capture

  • 90-second fast onboarding โ†’ progressive data capture post-signup
  • AI interview system with tailored questions per candidate
  • Multimodal input: LinkedIn, resume upload, text, voice, interview transcripts
  • Gamified task-completion onboarding redesign (technical design contributed; Adam + Mikelle driving product direction)

Public Site Technical Infrastructure

  • PostHog analytics with attribution tracking, conversion funnels, latency monitoring
  • Waitlist โ†’ direct signup flow; email campaigns via SendGrid
  • Cookie handling, signup tracking, bot detection

SOC2 & Compliance

  • Built SOC2 compliance infrastructure and technical controls
  • Access control systems: API key management, SSO/MFA evidence collection
  • Change management logging system (public + SOC2 change logs)
  • Incident response: documented and resolved OpenAI key compromise incident (May 2026)
  • Log management retention policies and audit quick reference
  • Network segregation and architecture documentation
  • Security issue tracking and vulnerability scan remediation

Team Leadership & Mentorship

Technical Onboarding & Development

  • Technical onboarding for Vela (Mar 2025), David (intern Jul 2025 โ†’ FT Jan 2026), Cohen (intern Jul 2025โ€“May 2026)
  • Engineering Excellence program โ€” weekly technical growth curriculum
  • Structured mentorship on TypeScript typing, git workflow, PR structure, planning-first development
  • On-call rotation model planned (May 2026)
  • Contributed to performance review framework design (collaborative with Adam)

Team Members' Growth Under Dom's Leadership

  • Vela: 2000-line projects โ†’ production-grade PRs; now review owner for her APIs; recognized for code quality and development speed improvements
  • David: Task-receiving โ†’ full project ownership; built custom Cursor commands adopted team-wide; now owns bite-size interview UX
  • Cohen: High school intern โ†’ owned Dependabot across 5 repos; built onboarding test plan; planning-first workflow; Dom's mentorship: "You're gonna do big things"

Management Style

  • Leads by example: pushes code, reviews PRs, builds infrastructure alongside team
  • Encourages architectural thinking over implementation details
  • Values proactive communication and planning-first approach
  • Delegates ownership: each engineer owns their APIs, domains, and PR reviews
  • Direct, constructive feedback; uses structured planning docs to align before implementation

Product Strategy Contributions

  • Unified platform approach โ€” proposed merging two-sided marketplace into single professional destination where everyone signs up as candidate; hiring manager status is a role, not a separate app (Apr 2026 leadership meeting)
  • Multimodal data capture as core differentiator โ€” championed that every product feature must maximize candidate data collection; competitors can't get this without 30-45 minute interviews
  • Vitamin + painkiller framing โ€” passive job search is a vitamin; coupled with immediate-value features (profile enhancement, networking) creates sustained engagement
  • Headless product vision โ€” candidates could engage via email, API, MCP in other tools; platform is a data repository, not just a destination
  • Technical prioritization: advocated for sections 1-3 (profile, networking, basic matching) from 12-agent model; deferred deals and counseling to later phases
  • Bite-size interview UX โ€” proposed task-completion model over linear interview; individual question threads with progress tracking; seamless voice/text mode switching; chatbot format
  • Email DNS fix โ€” diagnosed Google's early-2026 authentication changes as root cause of spam issues; recommended DKIM/DMARC configuration path (Adam implemented on Squarespace DNS)

Cost & Security Impact

Item Before After Savings
Module completion (per call) $0.03 <$0.001 30x
Module completion (latency) 30+ sec <5 sec 6x
Skip deploy (per avoided build) 1.5 min waste 0 100%
Feature build (user memories) โ€” $0.06 total โ€”
PR review automation hours/week minutes ~90%
LinkedIn parsing (backup) failing requests 100% success โ€”
Security Finding Method Impact
2 IDORs (upload access, sub-resource ownership) Bug scan Any auth'd user could read/edit any profile's data
3 live secret exposures Bug scan API keys in console.log and admin API responses
Systemic pick() falsy-value bug Bug scan false, 0, null, "" silently dropped from profiles
Async promise cache poison pill Bug scan Agent path permanently broken until page reload
6 Dependabot CVEs Automated patch Transitive postcss + uuid across 4 repos

Board Meeting Participation (Mar 2026)

  • Reviewed technical roadmap and confirmed architecture supports fundraising timeline
  • Pressed for concrete candidate-volume definition rather than "we'll know it when we see it"
  • Proposed attribution tracking for Mikel's performance goals: tie candidate volume to traceable links rather than broad platform numbers
  • Flagged health concerns (high blood pressure, pre-diabetic indicators); founders agreed to plan regular breaks