Automates code audits for Ruby on Rails applications using thoughtbot's best practices. Benefits developers and operations teams by identifying code quality issues and ensuring adherence to standards. Integrates with Claude Code for automated analysis and reporting.
git clone https://github.com/thoughtbot/rails-audit-thoughtbot.gitThe Rails Audit Skill analyzes Ruby on Rails applications and generates detailed reports covering testing practices, code quality, security vulnerabilities, design patterns, Rails conventions, database optimization, and performance antipatterns. It integrates with Claude Code to provide automated analysis based on thoughtbot's Ruby Science and Testing Rails guides. The skill supports full application audits or targeted reviews of specific directories, and optionally integrates with SimpleCov for test coverage metrics and RubyCritic for code complexity analysis. Each optional data-collection step is opt-in and non-invasive, temporarily adding tools only if needed. This skill benefits developers and operations teams seeking to align their Rails codebases with industry best practices and identify refactoring opportunities.
Copy the skill directory to your Claude Code skills folder or clone from GitHub into ~/.claude/skills/. In a Claude session, reference the skill with /rails-audit-thoughtbot to run a full application audit, or use /rails-audit-thoughtbot audit [target] for targeted analysis of specific files or directories. The skill will optionally prompt you to collect SimpleCov coverage and RubyCritic metrics during the audit.
Evaluate test coverage and testing practices across an entire Rails application
Identify code smells, security vulnerabilities, and performance antipatterns in specific Rails modules
Audit database migrations and query optimization opportunities
Review controller design, domain models, and PORO usage patterns
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/thoughtbot/rails-audit-thoughtbotCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Audit the following Ruby on Rails application codebase for adherence to thoughtbot's best practices. Focus on [SPECIFIC_AREA] (e.g., testing, security, performance). Provide a detailed report with findings and recommendations. Codebase: [CODEBASE_URL] or [PASTE_CODE].
# Rails Audit Report: thoughtbot Best Practices ## Overview Audit performed on [COMPANY]'s Rails application. Focus area: Testing and Security. ## Findings ### Testing - **Insufficient Test Coverage**: Only 65% of models and controllers have test coverage. - *Recommendation*: Implement factory patterns and increase test coverage to 90%. - **Missing Integration Tests**: Critical user flows lack integration tests. - *Recommendation*: Add Capybara tests for key user journeys. ### Security - **Mass Assignment Vulnerability**: Some models permit mass assignment without proper protection. - *Recommendation*: Use `attr_accessible` or `strong_parameters` to restrict mass assignment. - **SQL Injection Risks**: Raw SQL queries found in [FILE_PATH]. - *Recommendation*: Use ActiveRecord query methods or parameterized queries. ## Recommendations 1. Implement factory patterns for consistent test data. 2. Add integration tests for critical user flows. 3. Restrict mass assignment in all models. 4. Replace raw SQL queries with ActiveRecord methods. 5. Schedule regular audits to maintain code quality.
AI assistant built for thoughtful, nuanced conversation
Get more done every day with Microsoft Teams – powered by AI
Automate security compliance and monitor real-time security posture seamlessly.
Automate your spreadsheet tasks with AI power
Agentic AI Workflow platform
Connected workspace for docs, wikis, and projects
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan