igmarin/rails-agent-skills
Curated library of 39 AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, orchestration, and workflows. Includes 5 callable workflow skills (rails-tdd-loop, rails-review-flow, rails-setup-flow, rails-quality-flow, rails-engines-flow) for complete development cycles. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation.
95
98%
Does it follow best practices?
Impact
95%
1.20xAverage score across 35 eval scenarios
Passed
No known issues
task.mdevals/scenario-35/
Secure Document Management Authorization
Problem/Feature Description
A growing legal-tech startup has a Rails application for managing client documents. They recently discovered that their Documents feature has no meaningful access controls: any logged-in user can view, edit, or delete documents belonging to other users. The engineering lead needs proper authorization implemented before their upcoming SOC 2 audit.
The application already has a User model with an admin boolean attribute, and a Document model with a user_id foreign key. The business rules are: document owners may read, update, and destroy their own documents; admins may perform any action on any document; authenticated non-owners may only read documents; unauthenticated visitors may not access documents at all.
Output Specification
Produce the following files implementing authorization for the Documents resource using Pundit:
app/policies/document_policy.rb— the Pundit policy classapp/controllers/documents_controller.rb— the controller with authorization wired up, including the index actionspec/policies/document_policy_spec.rb— RSpec policy spec covering all rolesspec/requests/documents_spec.rb— request spec covering the most critical access scenarios
Additionally, produce implementation_notes.md summarizing the approach taken and any setup steps required.
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
mcp_server
skills
api
api-rest-collection
rails-graphql-best-practices
code-quality
rails-architecture-review
rails-code-conventions
rails-code-review
rails-review-response
rails-security-review
rails-stack-conventions
assets
snippets
refactor-safely
context
rails-context-engineering
rails-project-onboarding
ddd
ddd-boundaries-review
ddd-rails-modeling
ddd-ubiquitous-language
engines
rails-engine-compatibility
rails-engine-docs
rails-engine-extraction
rails-engine-installers
rails-engine-release
rails-engine-reviewer
rails-engine-testing
infrastructure
rails-api-versioning
rails-background-jobs
rails-database-seeding
rails-frontend-hotwire
rails-migration-safety
rails-performance-optimization
orchestration
rails-skills-orchestrator
patterns
ruby-service-objects
strategy-factory-null-calculator
yard-documentation
planning
create-prd
generate-tasks
ticket-planning
testing
rails-bug-triage
rails-tdd-slices
rspec-best-practices
rspec-service-testing