CtrlK
BlogDocsLog inGet started
Tessl Logo

igmarin/rails-agent-skills

Curated library of 41 public AI agent skills for Ruby on Rails development. Organized by category: planning, testing, code-quality, ddd, engines, infrastructure, api, patterns, context, and orchestration. Covers code review, architecture, security, testing (RSpec), engines, service objects, DDD patterns, and TDD automation. Repository workflows remain documented in GitHub but are intentionally excluded from the Tessl tile.

95

1.77x
Quality

93%

Does it follow best practices?

Impact

96%

1.77x

Average score across 41 eval scenarios

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

SKILL.mdskills/code-quality/review-architecture/

name:
review-architecture
license:
MIT
description:
Use when reviewing Rails application structure, identifying fat models or controllers, auditing callbacks, concerns, service extraction, domain boundaries, or general Rails architecture decisions. Recommends service object extractions, simplifies callback chains, identifies abstraction quality issues, and produces severity-classified findings with the smallest credible improvement for each.
metadata:
{"version":"1.0.0","user-invocable":"true"}

Review Architecture

Quick Reference

AreaWhat to check
ControllersCoordinate only — no domain logic
ModelsOwn persistence + cohesive domain rules, not orchestration
ServicesCreate real boundaries, not just moved code
CallbacksSmall and unsurprising — no hidden business logic
ConcernsOne coherent capability per concern
External integrationsBehind dedicated collaborators

HARD-GATE

DO NOT list findings that do not survive code-level confirmation.
Verify each High-severity finding by reading the actual code to confirm it is a real structural problem.
If verification reveals it is not genuine, downgrade it or remove it entirely.
If no source files were provided or read, do not invent High findings. Return an
architecture review checklist or assumptions block instead, and say code-level
confirmation is required before reporting findings.
SECRET SAFETY: code-level evidence must never reproduce secrets, tokens, API
keys, passwords, private keys, session cookies, or credential values. If a file
contains a hard-coded secret, report only the file/path, symbol name, credential
type, and a redacted fingerprint such as `[REDACTED_API_KEY]`; do not quote the
literal value.

Core Process

Use this skill when the task is to review or improve the structure of a Rails application or library.

Core principle: Prioritize boundary problems over style. Prefer simple objects and explicit flow over hidden behavior.

Review Order

  1. Identify the main entry points: controllers, jobs, models, services.
  2. Check where domain logic lives.
  3. Inspect model responsibilities, callbacks, and associations.
  4. Inspect controller size and orchestration.
  5. Read every concern, helper, and presenter: does it do one coherent thing, or does it mix auditing + notifications + emails + external API calls? Mixed concerns are High or Medium severity depending on blast radius. Treat any concern used by only one class as a candidate for deletion — inline it instead.
  6. Check whether abstractions clarify the design or only move code around.
  7. Verify each High-severity finding by reading the actual code — confirm it is a real structural problem, not just a pattern match on file size or line count. Redact any credential-like values found during verification.

Severity Levels

High-Severity Findings

  • Business logic hidden in callbacks or broad concerns
  • Controllers orchestrating multi-step domain workflows inline
  • Models coupled directly to HTTP, jobs, mailers, or external APIs
  • Abstractions that add indirection without a clear responsibility
  • Cross-layer constant reach that makes code hard to change

Medium-Severity Findings

  • Duplicated workflow logic across controllers or jobs
  • Scopes or class methods carrying too much query or policy logic
  • Helpers or presenters leaking domain behavior
  • Service objects wrapping trivial one-liners
  • Concerns combining unrelated responsibilities — check EVERY concern in the app

High-severity callback example:

# Bad — hidden side effects on every save
module Auditable
  included do
    after_create :log_creation
  end
  def log_creation
    AuditLog.create!(...)
    Slack.notify(...)                          # external API in callback
    UserMailer.admin_alert(...).deliver_later  # mailer in callback
  end
end

Fix: keep only AuditLog.create! in the callback; move Slack/mailer to an explicit service call at the call site.

Pitfalls

PitfallWhat to do
Flagging large files as High severity without reading themCheck whether size reflects legitimate domain complexity before assigning severity; downgrade or remove if no structural problem exists
Recommending a service object for every actionOnly extract when it creates a real boundary — wrapping a single ActiveRecord call in a service adds indirection without benefit
Treating all callbacks as problematicCallbacks are fine for persistence-scoped side effects (e.g., setting a default value); flag only those with external calls, cross-model orchestration, or hidden branching logic
Conflating "concern used in one place" with "concern is bad"The issue is single-use concerns that add indirection — the fix is inlining, not rewriting
Proposing rewrites instead of smallest credible improvementsEach finding should recommend the minimal change that resolves the structural risk, not a full refactor
Missing cross-layer constant reachCheck for models referencing controller constants or jobs referencing view helpers — these are High-severity coupling issues that are easy to overlook

Extended Resources

  • EXAMPLES.md

Output Style

  1. Scope: State that the task is an architecture/structure review, not style review, and identify the Rails entry points inspected.
  2. Order: Begin with entry points. Then write findings ordered by review area.
  3. Boundary-first lens: Prioritize where domain logic lives, whether flow is explicit, and whether abstractions clarify the design or only move code around.
  4. Finding Structure: Every finding uses a four-field structure: 
    **Severity:** High
**Affected file:** app/controllers/orders_controller.rb — OrdersController#create
**Risk:** Controller runs a 5-step domain workflow. Partial state on failure; untestable without HTTP.
**Improvement:** Extract to Orders::CreateOrder.call(params). Controller handles response/redirect only.
  5. High-severity verification: For every High finding, state the concrete code-level evidence read, but redact any secret-like literal before writing the finding. Use evidence like app/services/payments/client.rb references ENV["PAYMENT_API_KEY"] inside a model callback; never quote the actual key, token, password, cookie, private key, or credential value. If code-level confirmation is missing, downgrade or remove the finding. Never use representative file paths or fabricated line numbers as evidence.
  6. Completeness: For each finding include severity, affected files or area, why the structure is risky, and the smallest credible improvement. Then list open assumptions and recommended next refactor steps.
  7. Language: Must be in English unless explicitly requested otherwise.

Integration

SkillWhen to chain
code-reviewFor smaller scopes and PR reviews

skills

code-quality

review-architecture

EXAMPLES.md

SKILL.md

README.md

server.json

tile.json