implementation safety

Implementation Safety Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "implementation safety" with this command: npx skills add kaakati/rails-enterprise-dev/kaakati-rails-enterprise-dev-implementation-safety

Implementation Safety Skill

Comprehensive safety checklists to prevent common Rails bugs and vulnerabilities during implementation.

Quick Reference

Use these checklists before marking any file complete during Phase 4 (Implementation).

  1. Nil Safety Checklist

Prevent NoMethodError: undefined method for nil errors.

BAD - Crashes if user is nil

user.email.downcase

GOOD - Safe navigation

user&.email&.downcase

BAD - Crashes if find_by returns nil

User.find_by(email: email).name

GOOD - Handle nil explicitly

User.find_by(email: email)&.name || "Unknown"

Checklist:

  • Use safe navigation (&. ) for potentially nil objects

  • Add presence validations for required attributes

  • Handle nil cases explicitly in conditionals

  • Use find_by! or handle find_by returning nil

  • Check for nil before calling methods

  • Filter nil values from collections: hash.compact.each

  1. ActiveRecord Safety Checklist

Prevent N+1 queries, validation failures, and data integrity issues.

BAD - N+1 queries

Post.all.each { |p| puts p.author.name }

GOOD - Eager loading

Post.includes(:author).each { |p| puts p.author.name }

BAD - Silent validation failure

user.save

GOOD - Handle validation explicitly

if user.save redirect_to user else render :edit, status: :unprocessable_entity end

Checklist:

  • Use includes /joins to prevent N+1 queries

  • Add validations for all user inputs

  • Handle validation failures explicitly

  • Add indexes on foreign keys

  • Use scopes instead of class methods for queries

  • Add counter caches for frequently accessed counts

  1. Security Checklist

Prevent SQL injection, XSS, mass assignment, and other vulnerabilities.

BAD - SQL injection

User.where("email = '#{params[:email]}'")

GOOD - Parameterized query

User.where(email: params[:email]) User.where("email = ?", params[:email])

BAD - Mass assignment vulnerability

User.create(params[:user])

GOOD - Strong parameters

User.create(user_params)

private def user_params params.require(:user).permit(:name, :email) end

Checklist:

  • Strong parameters for all user inputs

  • No string interpolation in SQL queries

  • Sanitize HTML output (sanitize or strip_tags )

  • No mass assignment without whitelisting

  • Use has_secure_password for authentication

  • No sensitive data in logs or error messages

  1. Error Handling Checklist

Prevent crashes, ensure proper logging, and return meaningful errors.

BAD - Catches everything, hides bugs

rescue => e render json: { error: e.message }

GOOD - Specific exception handling

rescue ActiveRecord::RecordNotFound => e render json: { error: "Resource not found" }, status: :not_found rescue ActiveRecord::RecordInvalid => e render json: { errors: e.record.errors.full_messages }, status: :unprocessable_entity

Checklist:

  • Rescue specific exceptions, not StandardError

  • Log errors with context: Rails.logger.error("Context: #{e.message}")

  • Return meaningful error messages (not raw exceptions)

  • Handle edge cases (empty arrays, nil values, zero amounts)

  • Use Result pattern for service objects

  1. Performance Checklist

Prevent slow queries, memory bloat, and inefficient operations.

BAD - Loads all records into memory

User.all.map(&:email)

GOOD - Only fetches emails

User.pluck(:email)

BAD - Counts by loading records

User.all.any?

GOOD - Uses SQL EXISTS

User.exists?

BAD - Loads all records at once

User.all.each { |u| process(u) }

GOOD - Batches of 1000

User.find_each { |u| process(u) }

Checklist:

  • Use pluck /select for specific columns

  • Use exists? instead of any? or count > 0

  • Use find_each for large collections

  • Add database indexes for frequently queried columns

  • Use counter caches instead of repeated count queries

  1. Migration Safety Checklist

Prevent data loss and ensure reversible migrations.

GOOD - Complete migration with all safety measures

class CreateOrders < ActiveRecord::Migration[7.1] def change create_table :orders do |t| t.references :user, null: false, foreign_key: true, index: true t.string :status, null: false, default: 'pending' t.decimal :total, precision: 10, scale: 2, null: false

  t.timestamps
end

add_index :orders, :status
add_index :orders, [:user_id, :status]

end end

Checklist:

  • Add indexes on all foreign keys

  • Include null: false for required columns

  • Add unique indexes for uniqueness constraints

  • Make migrations reversible (provide down method if needed)

  • Add default values where appropriate

  • Use precision/scale for decimal columns

  1. Specific Error Prevention

NoMethodError Prevention

Pattern: Safe navigation chain

result = object&.method1&.method2&.method3

Pattern: Filter nil from collections

hash.compact.each do |key, value|

key and value are guaranteed non-nil

end

Pattern: Explicit nil checks

if value.nil? handle_missing_value else process(value) end

N+1 Query Prevention

Pattern: Preload in controller

def index @posts = Post.includes(:author, :comments, :tags) end

Pattern: Counter cache in model

class Post < ApplicationRecord belongs_to :author, counter_cache: true end

Pattern: Test with Bullet gem

config/environments/development.rb

Bullet.enable = true Bullet.rails_logger = true

Security Vulnerability Prevention

Pattern: Define strong parameters for every action

class PostsController < ApplicationController private

def post_params params.require(:post).permit(:title, :body, :published_at) end

def filter_params params.permit(:status, :author_id, :created_after) end end

Pattern: Parameterized queries only

User.where("email LIKE ?", "%#{sanitized_input}%") User.where(status: params[:status])

  1. Integration with Rails Error Prevention Skill

This skill provides quick checklists. For detailed patterns, examples, and edge cases, reference the rails-error-prevention skill:

Discover full error prevention patterns

cat .claude/skills/rails-error-prevention/SKILL.md

Cross-reference:

  • Nil Safety → rails-error-prevention Section 2

  • ActiveRecord Safety → rails-error-prevention Section 3

  • Security → rails-error-prevention Section 4

  • Error Handling → rails-error-prevention Section 5

Usage in Implementation Phase

During Phase 4 (Implementation), before marking each file complete:

  • Read this skill for quick checklist reference

  • Review the file against each applicable checklist

  • Fix any violations before proceeding

  • Mark file complete only after all checks pass

Implementation workflow

1. Generate code for file

2. Run implementation-safety checklist

3. Fix any issues found

4. Run tests

5. Mark file complete

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

flutter conventions & best practices

No summary provided by upstream source.

Repository SourceNeeds Review
44-kaakati
Coding

getx state management patterns

No summary provided by upstream source.

Repository SourceNeeds Review
28-kaakati
Coding

ruby oop patterns

No summary provided by upstream source.

Repository SourceNeeds Review
27-kaakati
Coding

rails localization (i18n) - english & arabic

No summary provided by upstream source.

Repository SourceNeeds Review
26-kaakati