igmarin/rails-agent-skills
Curated library of AI agent skills for Ruby on Rails development. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and workflow automation.
98
99%
Does it follow best practices?
Impact
98%
1.38xAverage score across 26 eval scenarios
Passed
No known issues
EXAMPLES.mdrails-architecture-review/
Rails Architecture Review — Examples
High-Severity: Controller Doing Too Much
# Bad: multi-step domain workflow in controller
class OrdersController < ApplicationController
def create
order = Order.new(order_params)
Inventory.check!(order.line_items)
Pricing.apply_promotions!(order)
order.save!
NotifyWarehouseJob.perform_later(order.id)
redirect_to order
end
endFinding:
- Severity: High
- Affected file:
app/controllers/orders_controller.rb—#create - Risk: Controller runs a multi-step domain workflow. Any step failure leaves partial state; logic is untestable without HTTP. Adding a new caller (background job, API) requires duplicating the workflow.
- Improvement: Extract to
Orders::CreateOrder.call(params). Controller calls it and handles response/redirect only.
High-Severity: Business Logic in Callbacks
# Bad: concern mixing audit, notifications, and external API in callbacks
module Auditable
extend ActiveSupport::Concern
included do
after_create :log_creation
end
def log_creation
AuditLog.create!(...)
Slack.notify("#audit", ...)
UserMailer.admin_alert(...).deliver_later
end
endFinding:
- Severity: High
- Affected file:
app/models/concerns/auditable.rb - Risk:
after_createtriggers Slack and email — invisible side effects on every save. Any model that includesAuditableinherits this blast. Tests require stubbing external services just to save a record. - Improvement: Remove from callback. Call
AuditService.record(record)explicitly in the service layer. KeepAuditLog.create!only in the concern if needed; move Slack/mailer to the caller.
Medium-Severity: Concern Mixing Unrelated Responsibilities
A concern that handles auditing AND sends Slack messages AND sends emails is three concerns, not one. Each responsibility should be extractable independently.
Finding:
- Severity: Medium
- Affected file:
app/models/concerns/auditable.rb - Risk: Can't add auditing without also pulling in Slack/email. Reuse is blocked.
- Improvement: Split into
Auditable(database log only) and move notifications to an explicitAuditNotifierservice called from the service layer.
Output Format Reference
Every finding must include all four fields:
**Severity:** High | Medium
**Affected file:** app/path/to/file.rb — ClassName#method
**Risk:** what goes wrong if left unaddressed
**Improvement:** the smallest credible refactorapi-rest-collection
create-prd
ddd-boundaries-review
ddd-rails-modeling
ddd-ubiquitous-language
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
generate-tasks
mcp_server
rails-architecture-review
rails-background-jobs
rails-bug-triage
rails-code-conventions
rails-code-review
rails-engine-compatibility
rails-engine-docs
rails-engine-extraction
rails-engine-installers
rails-engine-release
rails-engine-reviewer
rails-engine-testing
rails-graphql-best-practices
rails-migration-safety
rails-review-response
rails-security-review
rails-skills-orchestrator
rails-stack-conventions
rails-tdd-slices
refactor-safely
rspec-best-practices
rspec-service-testing
ruby-service-objects
strategy-factory-null-calculator
ticket-planning
yard-documentation