Marketplace
Browse and adopt engineering standards, rules, and configurations. Fork to customize for your organization.
Never store sensitive data in plain text
database
Encrypt or hash sensitive data: - Passwords: Use bcrypt (has_secure_password in Rails) - API keys: Encrypt with application-level encryption - PII:...
Use Rails built-in authentication, never Devise
rails
Use Rails built-in authentication (has_secure_password, authenticate_by) for all authentication logic. Never use Devise, Sorcery, Clearance, or sim...
Use Strong Parameters correctly
rails
Always use Strong Parameters to whitelist attributes: - Define permitted params in a private method - Never use `.permit!` which allows all attribu...
Use HTTPS everywhere
security
Force HTTPS for all traffic: - Configure SSL/TLS in production - Redirect HTTP to HTTPS - Use secure cookies (Secure, HttpOnly, SameSite) - Set HST...
Validate and sanitize all user input
security
Never trust user input - validate and sanitize everything: - Use allowlists, not denylists - Validate type, length, format, and range - Sanitize HT...
Add indexes for foreign keys and frequently queried columns
database
Always add database indexes for: - Foreign keys (Rails doesn't add these automatically) - Columns used in WHERE clauses - Columns used in ORDER BY ...
Avoid N+1 queries
rails
Use eager loading to prevent N+1 queries: - `includes`: For associations you'll access - `preload`: Force separate queries (useful for complex cond...
Fat models, skinny controllers
rails
Keep controllers thin - they should only: - Authenticate and authorize - Parse params and set instance variables - Call model/service methods - Ren...
Use background jobs for slow operations
rails
Move slow operations to background jobs: - Email sending - File processing - External API calls - Report generation - Data imports/exports Use Sol...
Use database constraints
rails
Don't rely solely on ActiveRecord validations - add database constraints: - NOT NULL for required fields - UNIQUE indexes for unique fields - Forei...
Use Hotwire for interactivity
rails
For Rails 7+ applications, prefer Hotwire (Turbo + Stimulus) over React/Vue: - Turbo Drive: Automatic AJAX page transitions - Turbo Frames: Partial...
Use Minitest for Rails testing
rails
Use Minitest for all tests. Do not add RSpec to the project. Minitest is: - Rails default, zero configuration - Faster boot time - Simpler syntax,...
Prefer composition over inheritance
ruby
In Ruby, favor composition and modules over deep inheritance hierarchies: - Use modules for shared behavior (concerns in Rails) - Inject dependenci...
Version your APIs
api
Include version in your API URLs or headers: - URL versioning: `/api/v1/users` - Header versioning: `Accept: application/vnd.api+json; version=1` ...
Use has_many :through over HABTM
rails
Always use `has_many :through` instead of `has_and_belongs_to_many`: - Allows adding attributes to the join model - Provides a model for the join t...
Use scopes for common queries
rails
Define scopes for frequently used query conditions: - Makes code more readable - Enables method chaining - Centralizes query logic - Easier to test...