igmarin/rails-agent-skills
Curated library of 41 public AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, and orchestration. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation. Repository workflows remain documented in GitHub but are intentionally excluded from the Tessl tile.
95
93%
Does it follow best practices?
Impact
96%
1.77xAverage score across 41 eval scenarios
Passed
No known issues
workflow.mdskills/code-quality/implement-authorization/references/
Authorization Implementation Workflow
Step-by-step guide for implementing authorization in Rails applications.
Step 1: Add Gem
Add to Gemfile:
# For Pundit
gem 'pundit'
# For CanCanCan
gem 'cancancan'Run:
bundle installStep 2: Generate Policy/Ability
Pundit:
rails g pundit:install
rails g pundit:policy PostCanCanCan:
rails g cancan:abilityStep 3: Define Permissions
Define authorization logic in the generated file. See EXAMPLES.md for complete code samples.
Step 4: Authorize in Controller
Add authorization calls to controller actions:
def update
@post = Post.find(params[:id])
authorize @post # Pundit
# or
authorize! :update, @post # CanCanCan
# ...
endStep 5: Write Tests
Create policy specs and request specs covering all roles. See EXAMPLES.md for testing patterns.
Step 6: Validate Coverage
Run all policy specs before deploying:
bundle exec rspec spec/policiesEnsure every role and edge case is explicitly covered.
Step 7: Manual Denied-Action Verification
After automated policy and request specs pass, attempt one denied action manually and record the result.
For Pundit, call Pundit.authorize so the denied exception is explicit:
Pundit.authorize(unauthorized_user, protected_record, :update?)
# raises Pundit::NotAuthorizedErrorFor CanCanCan, call authorize!:
Ability.new(unauthorized_user).authorize! :update, protected_record
# raises CanCan::AccessDeniedIf verifying through HTTP instead, record the request and the expected 403 Forbidden or app-specific denied-access response.
docs
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
scenario-36
scenario-37
scenario-38
scenario-39
scenario-40
scenario-41
mcp_server
skills
api
generate-api-collection
implement-graphql
code-quality
apply-code-conventions
apply-stack-conventions
assets
snippets
code-review
refactor-code
respond-to-review
review-architecture
security-check
context
load-context
setup-environment
ddd
define-domain-language
model-domain
review-domain-boundaries
engines
create-engine
create-engine-installer
document-engine
extract-engine
release-engine
review-engine
test-engine
upgrade-engine
infrastructure
implement-background-job
implement-hotwire
optimize-performance
review-migration
seed-database
version-api
orchestration
skill-router
patterns
create-service-object
implement-calculator-pattern
write-yard-docs
planning
create-prd
generate-tasks
plan-tickets
testing
plan-tests
test-service
triage-bug
write-tests
workflows