igmarin/rails-agent-skills
Curated library of 41 public AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, and orchestration. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation. Repository workflows remain documented in GitHub but are intentionally excluded from the Tessl tile.
95
93%
Does it follow best practices?
Impact
96%
1.77xAverage score across 41 eval scenarios
Passed
No known issues
review.mddocs/workflows/
Workflow: Review & Validation (50)
When to use: Review your own or others' code, respond to feedback, or audit security/architecture.
Main Flow: Code Review
graph TB
subgraph Review [👁️ Phase 1: Review]
direction TB
A[PR ready] --> B[code-review]
B --> C{Security concerns?}
C -- Yes --> D[security-check]
end
subgraph DeepDive [🔍 Phase 2: Deep Dive - Optional]
direction TB
C -- No --> E{Architecture issues?}
E -- Yes --> F[review-architecture]
D --> F
end
subgraph Respond [📝 Phase 3: Respond]
direction TB
E -- No --> G{Findings?}
F --> G
G -- Critical --> H[respond-to-review]
H --> I[Implement fixes]
I --> J{Critical fixed?}
J -- No --> K[Re-review]
J -- Yes --> L((Merge))
end
G -- None/minor --> L
K --> B
%% Styling
style Review fill:#f5f5f5,stroke:#333,stroke-dasharray: 5 5
style DeepDive fill:#f3e5f5,stroke:#4a148c
style Respond fill:#e1f5fe,stroke:#01579b
style C fill:#ffd54f
style E fill:#ffd54f
style G fill:#ffd54f
style J fill:#ffd54f
style L fill:#e8f5e9,stroke:#1b5e20,stroke-width:3pxcode-review
Goal: Systematic Rails PR review.
Checklist by Area
| Area | What to review |
|---|---|
| Routing | RESTful routes, shallow nesting, route helpers |
| Controllers | Thin, 1-line actions, strong params, callbacks audit |
| Models | Validations, scopes, callbacks, N+1 queries |
| Queries | Eager loading, pluck vs map, exists? vs present? |
| Migrations | Reversible, index names, null constraints |
| Security | Strong params, auth checks, output encoding |
| Testing | Correct spec type, minimal factories, no internal mocks |
| Jobs | Idempotency, retry config, log context |
Severity Levels
| Level | Action |
|---|---|
| Critical | Blocks merge — fix before merging |
| Suggestion | Fix in this PR or separate ticket |
| Nice to have | Optional, does not block |
security-check
Goal: Deep security dive.
Audit Checklist
- Auth — Session management, token handling
- Authorization — IDOR, role checks, policy coverage
- Input validation — Strong params, SQL injection
- Output encoding — XSS prevention
- Redirects — Open redirect vulnerabilities
- Secrets — Never in code, logs, or VCS
- GraphQL — Introspection off in prod, depth limits
review-architecture
Goal: Structural review of boundaries and abstractions.
Review Signals
- Feature crosses multiple models without clarity
- Service creates/modifies unrelated models
- Complex callbacks calling other models
- Logic duplicated between controllers
Output
- Boundary recommendations
- Extraction suggestions
- Coupling assessment
respond-to-review
Goal: Respond to received feedback.
Process
- Evaluate each suggestion — is it correct?
- Push back if wrong — explain why
- Implement accepted items — one at a time
- Re-review mandatory if Critical findings
Anti-pattern: "LGTM! Will address in follow-up" — no performative agreement
Skills in this Workflow
| Skill | Description | Trigger words |
|---|---|---|
| code-review | Systematic PR review | "review PR", "code review", "check this code" |
| security-check | Security audit | "security", "audit", "vulnerability", "XSS", "SQL injection" |
| review-architecture | Structural review | "architecture", "structure", "boundaries", "extract" |
| respond-to-review | Respond to feedback | "feedback", "review comments", "address feedback" |
| generate-api-collection | API testing docs | "Postman", "API collection", "REST endpoints" |
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
scenario-36
scenario-37
scenario-38
scenario-39
scenario-40
scenario-41
mcp_server
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
respond-to-review
review-architecture
security-check
context
load-context
setup-environment
ddd
define-domain-language
model-domain
review-domain-boundaries
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
orchestration
skill-router
patterns
create-service-object
implement-calculator-pattern
write-yard-docs
planning
create-prd
generate-tasks
plan-tickets
testing
plan-tests
test-service
triage-bug
write-tests
workflows