
igmarin/hanakai-yaku

Curated library of atomic AI agent skills for Hanami, dry-rb, and ROM Ruby development. Covers actions, slices, repositories, relations, changesets, providers, DI, operations, TDD, CLI, views, routing, and validation. Shared Ruby process skills have moved to ruby-core-skills. Uses Markdown + Front-matter architecture.

Quality: 94% (does it follow best practices?)
Impact: 92%, 1.33x (average score across 35 eval scenarios)
Security (by Snyk): Passed, no known issues


evals/scenario-11/criteria.json

{
  "context": "Checks whether the final artifact follows the review-security instructions from the published hanakai-yaku tile.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "instruction-1",
      "description": "The submitted artifact follows this skill instruction: Use this skill when reviewing Hanami 2.x code for security concerns.",
      "max_score": 10
    },
    {
      "name": "instruction-2",
      "description": "The submitted artifact follows this skill instruction: **Validate params** — Check every Action for a `params` block. Grep: `grep -rn 'request.params' app/actions/ | grep -v 'params do'`",
      "max_score": 10
    },
    {
      "name": "instruction-3",
      "description": "The submitted artifact follows this skill instruction: **Verify CSRF config** — Confirm `config.actions.csrf_protection = true` in `config/app.rb` for HTML apps.",
      "max_score": 10
    },
    {
      "name": "instruction-4",
      "description": "The submitted artifact follows this skill instruction: **Check authorization** — Confirm role/permission checks exist in Actions or service objects beyond mere authentication.",
      "max_score": 10
    },
    {
      "name": "instruction-5",
      "description": "The submitted artifact follows this skill instruction: **Check logging** — Grep: `grep -rn 'logger' app/ | grep 'password\\|token\\|secret'`",
      "max_score": 10
    },
    {
      "name": "instruction-6",
      "description": "The submitted artifact follows this skill instruction: **Check SQL safety** — Grep: `grep -rn 'where(\"' app/` to find potential string interpolation in queries.",
      "max_score": 10
    },
    {
      "name": "instruction-7",
      "description": "The submitted artifact follows this skill instruction: **Check template output** — Grep: `grep -rn 'raw ' app/` to find unescaped output.",
      "max_score": 10
    },
    {
      "name": "instruction-8",
      "description": "The submitted artifact follows this skill instruction: **Review session config** — Confirm `config.sessions` has a secret from settings, not hardcoded.",
      "max_score": 10
    },
    {
      "name": "instruction-9",
      "description": "The submitted artifact follows this skill instruction: **Review error messages** — Confirm auth failures return generic messages (no user enumeration).",
      "max_score": 10
    },
    {
      "name": "instruction-10",
      "description": "The submitted artifact follows this skill instruction: **Never log sensitive data**:",
      "max_score": 10
    }
  ]
}
