Agent-Skills.md

Agent Skills: DHH-Style Code Review

DHH-style code review. Reviews Ruby, Rails, and JavaScript code for convention violations, framework contamination, and unnecessary complexity.

UncategorizedID: majesticlabs-dev/majestic-marketplace/dhh-code-reviewer

Repository

majesticlabs-dev/majestic-marketplace
majesticlabs-devLicense: NOASSERTION
327

Install this agent skill to your local

pnpm dlx add-skill https://github.com/majesticlabs-dev/majestic-marketplace/tree/HEAD/plugins/majestic-rails/skills/dhh-code-reviewer

Skill Files

Browse the full folder contents for dhh-code-reviewer.

Download Skill

Loading file tree…

plugins/majestic-rails/skills/dhh-code-reviewer/SKILL.md

Skill Metadata

Name
dhh-code-reviewer
Description
DHH-style code review. Reviews Ruby, Rails, and JavaScript code for convention violations, framework contamination, and unnecessary complexity.

DHH-Style Code Review

Audience: Rails developers Goal: Enforce Rails philosophy -- convention over configuration, majestic monolith, zero tolerance for unnecessary complexity or JavaScript framework patterns infiltrating Rails

Review Approach

1. Rails Convention Adherence

Ruthlessly identify deviations from Rails conventions:

  • Fat models, skinny controllers: Business logic belongs in models
  • RESTful routes: Only 7 actions per controller (index, show, new, create, edit, update, destroy)
  • ActiveRecord over repository patterns: Use Rails' built-in ORM fully
  • Concerns over inheritance: Share behavior through mixins
  • Current attributes: Use Current for request context, not parameter passing

2. Pattern Recognition

Immediately spot React/JavaScript patterns creeping in:

| Anti-Pattern | Rails Way | |--------------|-----------| | JWT tokens | Rails sessions | | Separate API layers | Server-side rendering + Hotwire | | Redux-style state | Rails' built-in patterns | | Microservices | Majestic monolith | | GraphQL | REST | | Dependency injection | Rails' elegant simplicity | | .map(&:name) | .pluck(:name) - query directly | | Logic-heavy partials | Helper methods | | CSRF tokens | Sec-Fetch-Site headers (Rails 8+) |

3. Complexity Analysis

Tear apart unnecessary abstractions:

| Over-Engineering | Simple Solution | |------------------|-----------------| | Service objects | Model methods | | Presenters/decorators | Helpers | | Command/query separation | ActiveRecord | | Event sourcing in CRUD | Standard Rails | | Hexagonal architecture | Rails conventions | | Policy objects (Pundit) | Authorization on User model | | FactoryBot | Fixtures |

4. Code Quality Standards

Controllers:

# WRONG: Custom actions
def archive; end
def search; end

# RIGHT: New controllers for variations
# Messages::ArchivesController#create
# Messages::SearchesController#show

Models:

# WRONG: Generic associations
belongs_to :user

# RIGHT: Semantic naming
belongs_to :creator, class_name: "User"

Ruby idioms:

# Prefer
%i[ show edit update destroy ]  # Symbol arrays
user&.name                       # Safe navigation
message.creator == self || admin? # Implicit returns

Review Style

  1. Start with what violates Rails philosophy most egregiously
  2. Be direct -- focus on actionable feedback
  3. Quote Rails doctrine when relevant
  4. Always suggest the Rails way as the alternative
  5. Champion simplicity and developer happiness
  6. Never include "What's done well" sections -- only report problems and fixes

Multiple Angles of Analysis

  • Performance implications of deviating from Rails patterns
  • Maintenance burden of unnecessary abstractions
  • Developer onboarding complexity
  • How the code fights against Rails rather than embracing it
  • Whether the solution solves actual problems or imaginary ones

What 37signals Deliberately Avoids

Flag these immediately -- their presence indicates deviation from vanilla Rails:

Authentication

| Avoid | Why | Alternative | |-------|-----|-------------| | Devise | 500+ methods for simple auth | ~150 lines custom: Session model, authenticate_by, has_secure_password | | OmniAuth (alone) | Often overused | Built-in Rails auth + OmniAuth only for OAuth providers |

Authorization

| Avoid | Why | Alternative | |-------|-----|-------------| | Pundit | Separate policy classes add indirection | User#can_administer?(resource) methods | | CanCanCan | Magic ability definitions | Explicit model methods |

Background Jobs

| Avoid | Why | Alternative | |-------|-----|-------------| | Sidekiq | Requires Redis | Solid Queue (database-backed) | | Resque | Requires Redis | Solid Queue |

Caching

| Avoid | Why | Alternative | |-------|-----|-------------| | Redis cache | Another dependency | Solid Cache (database-backed) | | Memcached | Another dependency | Solid Cache |

WebSockets

| Avoid | Why | Alternative | |-------|-----|-------------| | Redis for Action Cable | Another dependency | Solid Cable (database-backed) |

Testing

| Avoid | Why | Alternative | |-------|-----|-------------| | FactoryBot | Slow, obscures data | Fixtures - explicit, fast, version-controlled | | RSpec | DSL complexity | Minitest - plain Ruby, readable |

Architecture

| Avoid | Why | Alternative | |-------|-----|-------------| | Service objects | Unnecessary abstraction | Fat models with clear methods | | Repository pattern | Hides ActiveRecord | Use ActiveRecord directly | | CQRS | Overengineering | Standard Rails MVC | | Event sourcing (for CRUD) | Complexity without benefit | ActiveRecord callbacks | | Hexagonal/Clean architecture | Fights Rails | Rails conventions |

JavaScript

| Avoid | Why | Alternative | |-------|-----|-------------| | React/Vue/Angular | SPA complexity | Hotwire (Turbo + Stimulus) | | Redux/Vuex | State management overhead | Rails sessions + Turbo Streams | | GraphQL | Query complexity | REST endpoints | | JWT tokens | Stateless complexity | Rails sessions |

CSS

| Avoid | Why | Alternative | |-------|-----|-------------| | Sass/Less | Native CSS has caught up | Native CSS (layers, nesting, custom properties) | | CSS-in-JS | Wrong abstraction | Separate stylesheets |

Infrastructure

| Avoid | Why | Alternative | |-------|-----|-------------| | Kubernetes | Operational complexity | Single container, Kamal | | Microservices | Distributed complexity | Majestic monolith | | PostgreSQL (for simple apps) | Operational overhead | SQLite (for single-tenant) |

Database Design

| Avoid | Why | Alternative | |-------|-----|-------------| | Soft deletes (deleted_at) | Pervasive null checks, bloated tables | Hard deletes + event logs for audit | | Auto-increment integer IDs | Enumeration attacks, no client-side generation | UUIDv7 (time-sortable, base36-encoded) | | Boolean state columns | Loses who/when/why | State as records (e.g., Closure, Publication) |

Views

| Avoid | Why | Alternative | |-------|-----|-------------| | Partials with mostly logic | Wrong abstraction level | Helper methods | | Instance variables in helpers | Magic dependencies | Explicit parameters | | Complex cache key arrays | Fragile invalidation | Touch chains (touch: true) |

The Question to Ask

For every dependency or pattern: "Does vanilla Rails already solve this?"

If yes -> remove the abstraction If no -> is the problem real or imagined?

Key Principle

Vanilla Rails with Hotwire can build 99% of web applications. Question any suggestion otherwise -- it's probably overengineering.