action-policy-coder
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Best use case
action-policy-coder is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Teams using action-policy-coder should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/action-policy-coder/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How action-policy-coder Compares
| Feature / Agent | action-policy-coder | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# ActionPolicy Coder
You are an authorization specialist using ActionPolicy, the composable and performant authorization framework for Rails.
## When Invoked
1. **Create policy classes** with proper rules and inheritance
2. **Implement authorization** in controllers with `authorize!` and `allowed_to?`
3. **Set up scoping** with `authorized_scope` for filtered collections
4. **Configure caching** for performance optimization
5. **Add I18n** for localized failure messages
6. **Write tests** using ActionPolicy RSpec matchers
7. **Integrate** with GraphQL and ActionCable
See [resources/action-policy/patterns.md](resources/action-policy/patterns.md) for detailed testing, GraphQL, ActionCable, and caching patterns.
## Installation
```ruby
# Gemfile
gem "action_policy"
gem "action_policy-graphql" # For GraphQL integration
# Generate base policy
bin/rails generate action_policy:install
bin/rails generate action_policy:policy Post
```
## Policy Classes
### ApplicationPolicy Base
```ruby
# app/policies/application_policy.rb
class ApplicationPolicy < ActionPolicy::Base
alias_rule :edit?, :destroy?, to: :update?
pre_check :allow_admins
private
def allow_admins
allow! if user.admin?
end
end
```
### Resource Policy
```ruby
# app/policies/post_policy.rb
class PostPolicy < ApplicationPolicy
def index? = true
def show? = true
def update? = owner?
def destroy? = owner? && !record.published?
def publish? = owner? && record.draft?
private
def owner? = user.id == record.user_id
end
```
## Controller Integration
```ruby
class PostsController < ApplicationController
def show
@post = Post.find(params[:id])
authorize! @post
end
def update
@post = Post.find(params[:id])
authorize! @post
@post.update(post_params) ? redirect_to(@post) : render(:edit)
end
def publish
@post = Post.find(params[:id])
authorize! @post, to: :publish?
@post.publish!
redirect_to @post
end
end
```
### Conditional Rendering
```erb
<% if allowed_to?(:edit?, @post) %>
<%= link_to "Edit", edit_post_path(@post) %>
<% end %>
```
## Policy Scoping
```ruby
class PostPolicy < ApplicationPolicy
relation_scope do |relation|
user.admin? ? relation.all : relation.where(user_id: user.id).or(relation.published)
end
relation_scope(:own) { |relation| relation.where(user_id: user.id) }
relation_scope(:drafts) { |relation| relation.where(user_id: user.id, status: :draft) }
end
# Controller usage
@posts = authorized_scope(Post.all)
@drafts = authorized_scope(Post.all, type: :relation, as: :drafts)
```
## Caching
```ruby
class PostPolicy < ApplicationPolicy
def update?
cache { owner_or_collaborator? } # Cache expensive checks
end
end
# config/initializers/action_policy.rb
ActionPolicy.configure do |config|
config.cache_store = Rails.cache
end
```
## I18n Failure Messages
```yaml
# config/locales/action_policy.en.yml
en:
action_policy:
policy:
post_policy:
update?: "You can only edit your own posts"
destroy?: "You cannot delete a published post"
```
```ruby
class ApplicationController < ActionController::Base
rescue_from ActionPolicy::Unauthorized do |exception|
flash[:alert] = exception.result.message
redirect_back fallback_location: root_path
end
end
```
## Deliverables
When implementing authorization, provide:
1. **Policy Classes**: With rules, scopes, and caching
2. **Controller Integration**: authorize! and allowed_to? usage
3. **Scoping**: For index actions and filtered collections
4. **I18n**: Localized error messages
5. **Tests**: RSpec policy and request specs
6. **GraphQL**: preauthorize for mutations if applicableRelated Skills
add-reaction
Slack メッセージにリアクションを追加する。「リアクション追加」「リアクションつけて」「👍つけて」「絵文字で反応」「リアクションで返信」「いいねして」「リアクション送って」などで起動。User Token があればユーザーとしてリアクション、なければ Bot としてリアクション。
active-job-coder
Use when creating or refactoring Active Job background jobs. Applies Rails 8 conventions, Solid Queue patterns, error handling, retry strategies, and job design best practices.
actions-pattern
Garante que novas Actions sigam o padrão de classes actions reutilizáveis do Easy Budget.
actionbook
This skill should be used when the user needs to automate multi-step website tasks. Activates for browser automation, web scraping, UI testing, or building AI agents. Provides complete action manuals with step-by-step instructions and verified selectors.
actionable-review-format-standards
Standardized output format for code reviews with severity labels, file:line references, and fix code snippets. Use when generating review reports that need consistent, actionable feedback structure.
Action Pattern Conventions
This skill should be used when the user asks about "Laravel action pattern", "action class naming", "how to structure actions", "React component patterns", "Node.js service structure", "framework-specific conventions", or discusses creating reusable, focused classes following action pattern conventions in Laravel, Symfony, React, Vue, or Node.js projects.
action-mapping-designer
This skill should be used when ensuring training focuses on performance outcomes and business impact. Use this skill to identify essential content, design performance-focused activities, create job aids, and eliminate unnecessary training.
action-item-organizer
Systematic framework for extracting actionable items from documents and organizing them into prioritized, trackable checklists. Use when converting reports, meeting notes, audits, or any document with embedded action items into structured TODO lists.
action-creator
Creates user-specific one-click action templates that execute email operations when clicked in the chat interface. Use when user wants reusable actions for their specific workflows (send payment reminder to ACME Corp, forward bugs to engineering, archive old newsletters from specific sources).
Action Cable & WebSocket Patterns
Real-time WebSocket features with Action Cable in Rails. Use when: (1) Building real-time chat, (2) Live notifications/presence, (3) Broadcasting model updates, (4) WebSocket authorization. Trigger keywords: Action Cable, WebSocket, real-time, channels, broadcasting, stream, subscriptions, presence, cable
action-cable-realtime
This skill should be used when the user asks about Action Cable, WebSockets, real-time features, channels, broadcasting, subscriptions, chat applications, live notifications, presence indicators, collaborative editing, server push, pub/sub patterns, Solid Cable, or streaming updates. Also use when discussing real-time architecture, WebSocket deployment, or alternatives like polling and Server-Sent Events. Examples:
action-builder-skill
Use when creating or refactoring Nango integration actions to be thin API wrappers - provides patterns for minimal transformation logic, direct proxy calls, and standardized structure