igmarin/rails-agent-skills
Curated library of AI agent skills for Ruby on Rails development. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and workflow automation.
98
99%
Does it follow best practices?
Impact
98%
1.38xAverage score across 26 eval scenarios
Passed
No known issues
task.mdevals/scenario-16/
Add GraphQL Order Management API
Problem/Feature Description
MarketFlow, a B2B marketplace, is building a GraphQL API to allow partner apps to query orders and place new ones on behalf of buyers. The existing REST API is being progressively replaced, and the GraphQL layer needs to expose two capabilities: fetching a list of orders for the current buyer (with pagination support), and placing a new order via a mutation.
The engineering team has run into production issues before with unintended data exposure on shared types — a support agent accidentally saw internal pricing notes through the buyer-facing API because authorization was only applied at the type level, not the field level. There are also performance concerns because initial prototypes loaded associated records one-by-one in resolvers, causing slowdowns with large buyer accounts.
Your task is to implement the following GraphQL components using the graphql-ruby gem (assume it is installed):
Types::OrderType— exposes:id,status,total_cents,buyer_id, andinternal_notes(a sensitive field only visible to admins)Resolvers::Orders::ListResolver— returns paginated orders for the current buyer, loading thebuyerassociation efficientlyMutations::PlaceOrder— acceptsproduct_idandquantity, delegates to anOrders::PlaceOrderService, and returns a structured response- Schema-level production hardening (introspection and query limits)
Assume AppSchema, Types::BaseObject, Mutations::BaseMutation, and context[:current_user] are already set up. The Orders::PlaceOrderService exists and responds to .call(user:, product_id:, quantity:) returning an object with .success?, .order, and .errors.
Output Specification
Produce the following files:
app/graphql/types/order_type.rbapp/graphql/resolvers/orders/list_resolver.rbapp/graphql/mutations/place_order.rbapp/graphql/app_schema.rb— schema class with production hardening appliedspec/graphql/mutations/place_order_spec.rb— RSpec spec usingAppSchema.executespec/graphql/resolvers/orders/list_resolver_spec.rb— RSpec spec
api-rest-collection
create-prd
ddd-boundaries-review
ddd-rails-modeling
ddd-ubiquitous-language
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
generate-tasks
mcp_server
rails-architecture-review
rails-background-jobs
rails-bug-triage
rails-code-conventions
rails-code-review
rails-engine-compatibility
rails-engine-docs
rails-engine-extraction
rails-engine-installers
rails-engine-release
rails-engine-reviewer
rails-engine-testing
rails-graphql-best-practices
rails-migration-safety
rails-review-response
rails-security-review
rails-skills-orchestrator
rails-stack-conventions
rails-tdd-slices
refactor-safely
rspec-best-practices
rspec-service-testing
ruby-service-objects
strategy-factory-null-calculator
ticket-planning
yard-documentation