From rails-agent-skills
Reviews Rails app architecture: identifies fat models/controllers, audits callbacks/concerns, recommends service extractions, domain boundaries, and severity-classified fixes.
npx claudepluginhub igmarin/rails-agent-skills --plugin rails-agent-skillsThis skill uses the workspace's default tool permissions.
Use this skill when the task is to review or improve the structure of a Rails application or library.
Analyzes Rails codebases for layered architecture violations, reviews PRs, plans features and gradual adoption, implements patterns like authorization, view components, and AI integration.
Reviews and refactors Rails apps to Vanilla Rails style: thin controllers, rich domain models, no unnecessary service layers. For PR reviews, codebase analysis, simplification.
Reviews Rails pull requests for controller/model conventions, migration safety, query performance, and Rails Way compliance. Covers routing, ActiveRecord, security, caching, and background jobs.
Share bugs, ideas, or general feedback.
Use this skill when the task is to review or improve the structure of a Rails application or library.
Core principle: Prioritize boundary problems over style. Prefer simple objects and explicit flow over hidden behavior.
| Area | What to check |
|---|---|
| Controllers | Coordinate only — no domain logic |
| Models | Own persistence + cohesive domain rules, not orchestration |
| Services | Create real boundaries, not just moved code |
| Callbacks | Small and unsurprising — no hidden business logic |
| Concerns | One coherent capability per concern |
| External integrations | Behind dedicated collaborators |
Begin with entry points. Open the review by identifying the application's entry points (controllers, jobs, public API surface) before listing findings. Then write findings ordered by review area — boundary problems first, then model/callback issues, then concerns/helpers.
Every finding uses this four-field structure:
**Severity:** High
**Affected file:** app/controllers/orders_controller.rb — OrdersController#create
**Risk:** Controller runs a 5-step domain workflow. Partial state on failure; untestable without HTTP.
**Improvement:** Extract to Orders::CreateOrder.call(params). Controller handles response/redirect only.
For each finding include: severity, affected files or area, why the structure is risky, and the smallest credible improvement. Then list open assumptions and recommended next refactor steps.
High-severity callback example:
# Bad — hidden side effects on every save
module Auditable
included do
after_create :log_creation
end
def log_creation
AuditLog.create!(...)
Slack.notify(...) # external API in callback
UserMailer.admin_alert(...).deliver_later # mailer in callback
end
end
Fix: keep only AuditLog.create! in the callback; move Slack/mailer to an explicit service call at the call site.
| Pitfall | What to do |
|---|---|
| Flagging large files as High severity without reading them | Check whether size reflects legitimate domain complexity before assigning severity; downgrade or remove if no structural problem exists |
| Recommending a service object for every action | Only extract when it creates a real boundary — wrapping a single ActiveRecord call in a service adds indirection without benefit |
| Treating all callbacks as problematic | Callbacks are fine for persistence-scoped side effects (e.g., setting a default value); flag only those with external calls, cross-model orchestration, or hidden branching logic |
| Conflating "concern used in one place" with "concern is bad" | The issue is single-use concerns that add indirection — the fix is inlining, not rewriting |
| Proposing rewrites instead of smallest credible improvements | Each finding should recommend the minimal change that resolves the structural risk, not a full refactor |
| Missing cross-layer constant reach | Check for models referencing controller constants or jobs referencing view helpers — these are High-severity coupling issues that are easy to overlook |