From superpowers
Use when creating or modifying Rails controllers in app/controllers
How this skill is triggered — by the user, by Claude, or both
Slash command
/superpowers:rails-controller-conventionsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Conventions for Rails controllers in this project.
Conventions for Rails controllers in this project.
Automatically activates when working on:
app/controllers/**/*.rbUse this skill when:
authorize - no exceptionsapi, skyfall) use JSON responses with serializers -- this rule applies to HTML apps onlyresource :closure not post :close - create enables, destroy disablesWRONG - Reaching into associations:
# In view - asking about internals
current_user.academy_bookmarks.exists?(academy: academy)
# In controller - manipulating internals
@bookmark = current_user.academy_bookmarks.find_by(academy: @academy)
RIGHT - Ask the object:
# In view - ask user
current_user.bookmarked?(academy)
# Or ask academy
academy.bookmarked_by?(current_user)
# Model provides the answer
class User < ApplicationRecord
def bookmarked?(academy)
academy_bookmarks.exists?(academy: academy)
end
end
Principle: Sender sends message to Receiver. Receiver performs action or returns data. Sender never reaches into Receiver's internal structure.
Every controller action MUST call authorize. This ensures Pundit policies are enforced.
Key points:
[:companies, resource] for namespaced policiesindex/new: authorize the class (no instance yet)| Do | Don't |
|---|---|
resource :closure | post :close, :reopen |
user.bookmarked?(academy) | user.bookmarks.exists?(...) |
| Model methods for state | Inline association queries |
| Turbo Streams | JSON responses |
| 7 RESTful actions | Custom action proliferation |
authorizenpx claudepluginhub craigtreptow/superpowersCreates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.