
igmarin/rails-agent-skills

Curated library of 39 AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, orchestration, and workflows. Includes 5 callable workflow skills (rails-tdd-loop, rails-review-flow, rails-setup-flow, rails-quality-flow, rails-engines-flow) for complete development cycles. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation.

Quality: 98% (Does it follow best practices?)

Impact: 95% (1.20x), average score across 35 eval scenarios

Security (by Snyk): Passed, no known issues


evals/scenario-35/criteria.json

{
  "context": "Tests whether the agent uses Pundit policy objects (not inline controller logic) for authorization, scopes index queries, calls authorize in each action, and writes specs that cover all roles including admin, owner, other user, and guest.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Policy class defined",
      "description": "A DocumentPolicy class exists in app/policies/document_policy.rb and inherits from ApplicationPolicy",
      "max_score": 8
    },
    {
      "name": "No inline controller auth",
      "description": "The controller does NOT contain inline permission logic (e.g., no `if current_user.admin?` or `if @document.user_id == current_user.id` checks directly in action methods — authorization delegated entirely to the policy)",
      "max_score": 10
    },
    {
      "name": "authorize called in controller",
      "description": "Each mutating controller action (update, destroy, create) calls `authorize @document` or `authorize Document` rather than performing presence-only checks",
      "max_score": 10
    },
    {
      "name": "Index uses policy_scope",
      "description": "The index action uses `policy_scope(Document)` rather than `Document.all` or a manually filtered query",
      "max_score": 10
    },
    {
      "name": "Scope method in policy",
      "description": "DocumentPolicy includes a Scope class or scope method that restricts which documents each role can list",
      "max_score": 8
    },
    {
      "name": "Admin role tested",
      "description": "The policy spec includes a context for an admin user and asserts at least one permitted action",
      "max_score": 8
    },
    {
      "name": "Owner role tested",
      "description": "The policy spec includes a context for the document owner and asserts permitted actions",
      "max_score": 8
    },
    {
      "name": "Other-user role tested",
      "description": "The policy spec includes a context for an authenticated user who does NOT own the document and asserts denied actions",
      "max_score": 8
    },
    {
      "name": "Guest role tested",
      "description": "The policy spec includes a context where user is nil (guest/unauthenticated) and asserts denied actions",
      "max_score": 8
    },
    {
      "name": "permit_action matchers used",
      "description": "Policy specs use `permit_action` / `not_to permit_action` matchers rather than calling policy methods directly",
      "max_score": 8
    },
    {
      "name": "Request spec role matrix",
      "description": "The request spec covers at least two different roles (e.g., owner and unauthorized user) for a mutating action",
      "max_score": 8
    },
    {
      "name": "Gemfile mentions pundit",
      "description": "implementation_notes.md or any output file references adding the `pundit` gem to the Gemfile as a setup requirement",
      "max_score": 6
    }
  ]
}
