Ruby on Rails
Backend
Skills using Ruby on Rails (59)
new-rails-project
Create a new Rails project
skill-rails-upgrade
Analyze Rails apps and provide upgrade assessments
ruby-pro
Write idiomatic Ruby code with metaprogramming, Rails patterns, and performance optimization. Specializes in Ruby on Rails, gem development, and testing frameworks.
collecting-open-source-intelligence
Collects and synthesizes open-source intelligence (OSINT) about threat actors, malicious infrastructure, and attack campaigns using publicly available data sources, passive reconnaissance tools, and dark web monitoring. Use when investigating external threat actor infrastructure, performing pre-engagement reconnaissance for authorized red team assessments, or enriching CTI reports with publicly available adversary context. Activates for requests involving Maltego, Shodan, OSINT framework, SpiderFoot, or infrastructure reconnaissance.
hunting-for-dns-based-persistence
Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.
ruby-pro
Write idiomatic Ruby code with metaprogramming, Rails patterns, and performance optimization. Specializes in Ruby on Rails, gem development, and testing frameworks.
qa-handoff
Generate a hands-on QA testing guide as a self-contained HTML page — for Rails apps or static (Hugo) sites. --publish uploads the HTML to the project's configured QA host.
hunt-deserialization
Hunt Insecure Deserialization — Java gadget chains (ysoserial), PHP object injection (phpggc), Python pickle RCE, .NET BinaryFormatter, Ruby Marshal.load, JNDI/Log4Shell. RCE via deserialization is almost always Critical. Use when target runs Java, PHP serialization, Python pickle, .NET, or Ruby on Rails.
rails-upgrade
Analyzes Rails applications and generates comprehensive upgrade reports with breaking changes, deprecations, and step-by-step migration guides for Rails 2.3 through 8.1. Use when upgrading Rails applications, planning multi-hop upgrades, or querying version-specific changes. Based on FastRuby.io methodology and "The Complete Guide to Upgrade Rails" ebook.
mir-backend-ruby-rails
Make It Right (Rails module). Ruby on Rails 7+ specific reliability augmentation. Use alongside mir-backend and mir-backend-ruby when the target stack is Rails — carries the mechanical footguns the framework-agnostic skills deliberately omit: ActiveRecord N+1 and eager-loading strategies, strong parameters and mass-assignment safety, callback side-effect timing (after_commit vs after_save), transaction semantics and nested transactions, migration safety on populated tables (the #1 Rails production incident class), and connection pool sizing tied to Puma threads. TRIGGER only when the Ruby backend is Rails — building, reviewing, or debugging a Rails controller, model, concern, migration, or background job that uses ActiveRecord. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-ruby (YARV runtime: GVL, Puma fork-safety, CoW memory, job hygiene); this module only adds Rails/ActiveRecord library mechanics. SKIP for Sinatra, Hanami, pure Rack apps, or non-Ruby runtimes.
skill-rails-upgrade
Analyze Rails apps and provide upgrade assessments
ruby-pro
Write idiomatic Ruby code with metaprogramming, Rails patterns, and performance optimization. Specializes in Ruby on Rails, gem development, and testing frameworks. Use PROACTIVELY for Ruby refactoring, optimization, or complex Ruby features.
plan-hiking-tour
Plan a hiking tour with trail selection by difficulty (SAC/UIAA), time estimation using Munter's formula, elevation analysis, and safety assessment. Covers multi-day hut-to-hut tours, day hikes, and alpine routes with terrain classification and group fitness considerations. Use when planning a day hike or multi-day trekking tour, selecting trails appropriate for a group's fitness and experience, estimating realistic hiking times, or planning hut-to-hut tours with overnight logistics.
rails-expert
Use when building Rails 7+ web applications with Hotwire, real-time features, or background job processing. Invoke for Active Record optimization, Turbo Frames/Streams, Action Cable, Sidekiq.
dare-layered-design
Enforce a strict 4-layer architecture (Handlers, Services, Repositories, Models) in all DARE projects, regardless of language or framework. Inspired by "Layered Design for Ruby on Rails Applications" by Vladimir Dementyev (Evil Martians).
skill-rails-api
DARE standards for APIs in Ruby on Rails 8: API mode, ActiveRecord, Solid Queue, Solid Cable, Action Cable, strong parameters, services (interactors), serializers (Blueprinter/Alba), Devise/JWT, rack-attack, rswag/grape-swagger.
rails-skills
Ruby on Rails framework patterns, best practices, and implementation guides
chameleon-auto-idiom
Use when the user explicitly invokes /chameleon-auto-idiom to auto-derive high-quality team idioms from repo evidence, or accepts the offer after /chameleon-init or /chameleon-refresh when idioms.md has no active idioms
chameleon-disable
Use when the user explicitly invokes /chameleon-disable to suppress chameleon's advisory injections for the rest of the current session
chameleon-explain
Use when the user explicitly invokes /chameleon-explain to drill down on one enforcement rule (its calibration, would-block frequency, inline-override rate) OR to replay what chameleon knew and did the last time a file was edited (post-incident gap analysis)
chameleon-init
Use when the user explicitly invokes /chameleon-init to bootstrap a chameleon profile for the current repository (TypeScript or Ruby on Rails)
chameleon-pause-15m
Use when the user explicitly invokes /chameleon-pause-15m to temporarily suppress chameleon's advisory injections for 15 minutes
chameleon-pr-review
Use when the user explicitly invokes /chameleon-pr-review to review a PR or branch diff against the repo's chameleon conventions, principles, and task requirements. Reports convention violations + logic gaps.
chameleon-refresh
Use when the user explicitly invokes /chameleon-refresh to re-analyze the current repo and update the chameleon profile after drift
chameleon-status
Use when the user explicitly invokes /chameleon-status to view profile state, drift indicators, and trust state for the current repo
chameleon-teach
Use when the user explicitly invokes /chameleon-teach to capture a team idiom, banned import, mandatory wrapper, or pattern that AST analysis cannot infer
chameleon-trust
Use when the user explicitly invokes /chameleon-trust to approve a committed chameleon profile for use in their current Claude Code session
using-chameleon
Active when .chameleon/ profile directory exists. Explains hook-injected pattern context and violation feedback for TypeScript and Ruby on Rails.
rails
For Agent: backend-developer
tdd-agent
Fully autonomous TDD with strict guardrails. Use when you want the AI to drive the entire RED-GREEN-REFACTOR cycle independently while maintaining TDD discipline.
chameleon-doctor
Use when the user explicitly invokes /chameleon-doctor to get a triage report on their chameleon installation health
chameleon-journey
Use when the user explicitly invokes /chameleon-journey to run the comprehensive real-world journey harness against the chameleon plugin
applying-azure-cost-guardrails
Applies Azure cost guardrails to a deployment — verifies consumption-priced SKUs, scale-to-zero on Container Apps, SQL Serverless auto-pause, Log Analytics dailyQuotaGb cap, Storage lifecycle rules, and the free tiers (SWA Free, ACS 100 emails/day, App Insights 5GB/mo). Audits an existing project's Bicep for accidentally provisioned fixed-cost resources and recommends fixes. Use when designing infrastructure to stay near zero cost when idle, auditing a deployment whose bill has grown, or onboarding to azure-cost analysis via Microsoft's azure-skills.
dhh-rails-style
This skill should be used when writing Ruby and Rails code in DHH's distinctive 37signals style. It applies when writing Ruby code, Rails applications, creating models, controllers, or any Ruby file. Triggers on Ruby/Rails code generation, refactoring requests, code review, or when the user mentions DHH, 37signals, Basecamp, HEY, or Campfire style. Embodies REST purity, fat models, thin controllers, Current attributes, Hotwire patterns, and the "clarity over cleverness" philosophy.
rails-activestorage
Use when handling file uploads, variants, direct uploads, and rich text attachments
rails-audit
Use when auditing, reviewing, or doing a health-check of an existing/inherited Rails app — onboarding to a legacy codebase, assessing technical debt, or a pre-engagement code review. Orchestrates the deep-dive rails-* skills and produces a severity-ranked report. Triggers on: code audit, app review, legacy/inherited Rails app, technical debt assessment, 'review my Rails app'.
rails-controllers
Use when writing thin controllers with concerns, resource-oriented design, and REST patterns
rails-core
Use FIRST on any Ruby on Rails work — the project owner's hard-won Rails gotchas and non-negotiable rules (fixtures, migrations, Stimulus LSP, validation, gems, test suite). Read before writing or changing Rails code.
rails-database-performance
Use when reviewing or auditing a Rails app's database schema for missing indexes, slow query patterns, or database performance issues. Triggers on: schema review, slow queries, EXPLAIN ANALYZE output, missing index warnings, or any request to audit db/schema.rb.
rails-jobs
Use when writing background jobs with Solid Queue, including recurring jobs and context serialization
rails-models
Use when writing ActiveRecord models with concerns, validations, callbacks, scopes, and associations
rails-multi-tenancy
Use when implementing URL-based multi-tenancy, CurrentAttributes, or account context patterns
rails-performance
Use when optimizing performance with caching, ETags, batching, and N+1 prevention
rails-philosophy
Core philosophies, design choices, and tacit knowledge underpinning 37signals-style Rails development
rails-project-setup
Use when setting up a new Rails 8 project with modern stack (Solid Queue, Solid Cache, Solid Cable, Kamal deployment)
rails-security
Use when implementing authentication, authorization, or security features in Rails
rails-stimulus
Use when writing Stimulus controllers with modern JavaScript patterns (ES2022 private fields, values, targets)
rails-style
Use when following Rails code style conventions for method ordering, conditionals, REST routing, and naming
rails-testing
Use when writing tests with fixtures, system tests, VCR cassettes, and parallel execution
rails-turbo
Use when implementing Turbo Frames, Streams, broadcasting, and view transitions in Rails
rails-viewcomponents
Use when creating, extracting, or refactoring ViewComponents in a Rails app — including slot design, component API, testing, and when to extract vs keep as partials
build
Implement code incrementally with quality gates. Use when the user says 'build', 'implement', or when starting the implementation phase of an approved plan.
fix-issue
Investigate and fix a GitHub issue. Use when given an issue number or URL, or when the user says 'fix issue'.
ruby-on-rails
Comprehensive Ruby on Rails 8.1 best-practices skill covering MVC, Active Record, routing, views, background jobs, storage, security, testing, and performance. Use when the user mentions Rails, Ruby on Rails, ActiveRecord, ActiveJob, ActionMailer, ActionCable, Active Storage, rails generate, rails routes, Hotwire, Turbo, Stimulus, or asks to build, review, debug, or migrate a Rails application or API.
rails-security
Security audit for Ruby on Rails applications including strong parameters / mass assignment, ActiveRecord SQL injection, ERB template safety, CSRF protect_from_forgery, Devise authentication, CanCanCan/Pundit authorization, secret_key_base, credentials.yml.enc, and Rails-specific patterns. Use this skill whenever the user mentions Ruby on Rails, Rails 6/7/8, ActiveRecord, ActiveAdmin, Devise, Pundit, CanCanCan, strong_parameters, ERB, Brakeman, or asks "audit my Rails app", "Rails security review", "Brakeman". Trigger when the codebase contains `Gemfile`, `config/application.rb`, or `rails` in dependencies.
dhh-rails-reviewer
Use this agent when you need a brutally honest Rails code review from the perspective of David Heinemeier Hansson. Use kieran-rails-reviewer for strict convention and taste checks; use this agent for opinionated architectural critique.
api-security
API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).
rails-security
Rails security review — Brakeman integration, mass-assignment via strong_parameters, SQL injection in ActiveRecord, template injection via html_safe/raw, Devise hardening, credentials.yml.enc, force_ssl and CSP config, recent Rails/Rack CVE patterns.
reactive-rails-ui
Build smooth, reactive Rails UIs using Turbo Morphing, the View Transitions API, and Stimulus optimistic UI patterns. Activate when the user is working on a Rails app and wants responsive, SPA-like interactions without client-side state management.
Integration detected automatically from skill content. Some results may be false positives.