Marketplace

Browse and adopt engineering standards, rules, and configurations. Fork to customize for your organization.

Critical
7 rules

Never store sensitive data in plain text

database

Encrypt or hash sensitive data: - Passwords: Use bcrypt (has_secure_password in Rails) - API keys: Encrypt with application-level encryption - PII:...

Critical in 57 rulesets

Always use latest dependency versions

dependencies

When adding or updating dependencies, always use the latest stable version: - Check the official registry before adding (rubygems.org, npmjs.com, p...

Critical in 57 rulesets

Use Rails built-in authentication, never Devise

rails

Use Rails built-in authentication (has_secure_password, authenticate_by) for all authentication logic. Never use Devise, Sorcery, Clearance, or sim...

Critical in 56 rulesets

Use Strong Parameters correctly

rails

Always use Strong Parameters to whitelist attributes: - Define permitted params in a private method - Never use `.permit!` which allows all attribu...

Critical in 56 rulesets

Implement proper authentication and authorization

security

Separate authentication (who are you?) from authorization (what can you do?): Authentication: - Use secure password hashing (bcrypt) - Implement r...

Critical in 55 rulesets

Use HTTPS everywhere

security

Force HTTPS for all traffic: - Configure SSL/TLS in production - Redirect HTTP to HTTPS - Use secure cookies (Secure, HttpOnly, SameSite) - Set HST...

Critical in 57 rulesets

Validate and sanitize all user input

security

Never trust user input - validate and sanitize everything: - Use allowlists, not denylists - Validate type, length, format, and range - Sanitize HT...

Critical in 57 rulesets

High
9 rules

Add indexes for foreign keys and frequently queried columns

database

Always add database indexes for: - Foreign keys (Rails doesn't add these automatically) - Columns used in WHERE clauses - Columns used in ORDER BY ...

High in 6 rulesets

Use transactions for multi-step operations

database

Wrap multi-step database operations in transactions: - Ensures all-or-nothing execution - Prevents partial updates on failure - Maintains data cons...

High in 6 rulesets

Avoid N+1 queries

rails

Use eager loading to prevent N+1 queries: - `includes`: For associations you'll access - `preload`: Force separate queries (useful for complex cond...

High in 2 rulesets

Fat models, skinny controllers

rails

Keep controllers thin - they should only: - Authenticate and authorize - Parse params and set instance variables - Call model/service methods - Ren...

High in 3 rulesets

Use background jobs for slow operations

rails

Move slow operations to background jobs: - Email sending - File processing - External API calls - Report generation - Data imports/exports Use Sol...

High in 3 rulesets

Use database constraints

rails

Don't rely solely on ActiveRecord validations - add database constraints: - NOT NULL for required fields - UNIQUE indexes for unique fields - Forei...

High in 8 rulesets

Use Minitest for Rails testing

rails

Use Minitest for all tests. Do not add RSpec to the project. Minitest is: - Rails default, zero configuration - Faster boot time - Simpler syntax,...

High in 9 rulesets

Prefer composition over inheritance

ruby

In Ruby, favor composition and modules over deep inheritance hierarchies: - Use modules for shared behavior (concerns in Rails) - Inject dependenci...

High in 4 rulesets

Test behavior, not implementation

testing

Write tests that verify behavior, not internal implementation: - Test public interfaces, not private methods - Focus on inputs and outputs - Tests ...

High in 57 rulesets

Medium
8 rules

Version your APIs

api

Include version in your API URLs or headers: - URL versioning: `/api/v1/users` - Header versioning: `Accept: application/vnd.api+json; version=1` ...

Medium in 7 rulesets

Use has_many :through over HABTM

rails

Always use `has_many :through` instead of `has_and_belongs_to_many`: - Allows adding attributes to the join model - Provides a model for the join t...

Medium in 3 rulesets

Use scopes for common queries

rails

Define scopes for frequently used query conditions: - Makes code more readable - Enables method chaining - Centralizes query logic - Easier to test...

Medium in 3 rulesets

Explicit return values in methods

ruby

Be intentional about method return values: - Methods that perform actions should return meaningful results or self - Query methods should return th...

Medium in 4 rulesets

Use Ruby 3+ features

ruby

Leverage modern Ruby features for cleaner code: - Pattern matching: `case obj in { name:, age: } then ...` - Endless methods: `def square(x) = x * ...

Medium in 4 rulesets

Integration tests over unit tests for web apps

testing

For web applications, prefer integration/request tests over isolated unit tests: - Test the full request/response cycle - Catch issues with middlew...

Medium in 7 rulesets

One assertion per test (conceptually)

testing

Each test should verify one logical concept: - Multiple assertions are fine if they test the same thing - Separate tests for separate behaviors - C...

Medium in 57 rulesets

Use fixtures for test data

testing

Use fixtures for consistent test data. Fixtures are: - Fast: loaded at database level, not through ActiveRecord - Simple: YAML files, no DSL to lea...

Medium in 57 rulesets