From rails-agent-skills
Designs, implements, and reviews GraphQL APIs in Rails with graphql-ruby, enforcing TDD, dataloader-based N+1 prevention, auth guards, and mutation error shapes.
How this skill is triggered — by the user, by Claude, or both
Slash command
/rails-agent-skills:implement-graphqlThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill when **designing, implementing, or reviewing GraphQL APIs** in a Rails application with the `graphql-ruby` gem.
Use this skill when designing, implementing, or reviewing GraphQL APIs in a Rails application with the graphql-ruby gem.
DO NOT proceed to step 3 before step 1 is written and failing.
SPEC: Write failing spec (happy path + auth + validation error case) — see TESTING.md. Use AppSchema.execute in spec/graphql/. Never use HTTP controller dispatch for GraphQL specs.
TYPE: Define arguments and return types. Use connection_type for pagination shapes. Do not leak internal model names.
IMPLEMENT: Create resolver/mutation class delegating to a service object. Use dedicated classes instead of inline field blocks.
N+1 CHECK: Use dataloader on every association load. For list resolvers, prime the dataloader with the records returned by the relation before fields resolve associated objects. Use bullet and db-query-matchers in specs.
# ✅ batches loads across all records
def buyer
dataloader.with(Sources::RecordById, Buyer).load(object.buyer_id)
end
AUTH CHECK: Apply field-level guards where data is sensitive using Pundit or custom context guards.
field :internal_notes, String, null: true do
guard -> (_obj, _args, ctx) { ctx[:current_user]&.admin? }
end
FINAL CHECK: Verify every item in the HARD-GATE checklist below. Ensure mutations return { result, errors } shapes on failure.
rescue ActiveRecord::RecordInvalid => e
{ order: nil, errors: e.record.errors.full_messages }
RUN: Ensure the full test suite is green before PR.
Before shipping a resolver/mutation slice, ALL of the following must be confirmed:
dataloader.with(Source, Model).load(id) on every association; never object.association.Types::*Type.connection_type, not plain arrays.max_depth and max_complexity set.{ result, errors } with rescue blocks; no unhandled exceptions.description: on every field in every type.Load these files only when their specific content is needed:
| Skill | When to chain |
|---|---|
| define-domain-language | Type and field naming must match business language |
| plan-tests | Choose first failing spec (mutation vs query vs resolver unit) |
| write-tests | Full TDD cycle for resolvers and mutations |
| security-check | Auth, introspection disable, query depth/complexity limits |
npx claudepluginhub igmarin/rails-agent-skillsOrchestrates GraphQL API development through four phases: domain modeling, schema design, TDD, and security review. Includes field-level authorization, cursor pagination, and N+1 elimination.
Designs GraphQL schemas, resolvers, and subscriptions for Rails using graphql-ruby. Prevents N+1 queries with batch loaders, adds pagination, and authorization with Pundit.
Designs and reviews GraphQL schemas, resolvers, mutations, pagination, and data-loading patterns. Use when building or refactoring GraphQL APIs.