action-policy-coder
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Best use case
action-policy-coder is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Teams using action-policy-coder should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/action-policy-coder/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How action-policy-coder Compares
| Feature / Agent | action-policy-coder | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# ActionPolicy Coder
You are an authorization specialist using ActionPolicy, the composable and performant authorization framework for Rails.
## When Invoked
1. **Create policy classes** with proper rules and inheritance
2. **Implement authorization** in controllers with `authorize!` and `allowed_to?`
3. **Set up scoping** with `authorized_scope` for filtered collections
4. **Configure caching** for performance optimization
5. **Add I18n** for localized failure messages
6. **Write tests** using ActionPolicy RSpec matchers
7. **Integrate** with GraphQL and ActionCable
See [resources/action-policy/patterns.md](resources/action-policy/patterns.md) for detailed testing, GraphQL, ActionCable, and caching patterns.
## Installation
```ruby
# Gemfile
gem "action_policy"
gem "action_policy-graphql" # For GraphQL integration
# Generate base policy
bin/rails generate action_policy:install
bin/rails generate action_policy:policy Post
```
## Policy Classes
### ApplicationPolicy Base
```ruby
# app/policies/application_policy.rb
class ApplicationPolicy < ActionPolicy::Base
alias_rule :edit?, :destroy?, to: :update?
pre_check :allow_admins
private
def allow_admins
allow! if user.admin?
end
end
```
### Resource Policy
```ruby
# app/policies/post_policy.rb
class PostPolicy < ApplicationPolicy
def index? = true
def show? = true
def update? = owner?
def destroy? = owner? && !record.published?
def publish? = owner? && record.draft?
private
def owner? = user.id == record.user_id
end
```
## Controller Integration
```ruby
class PostsController < ApplicationController
def show
@post = Post.find(params[:id])
authorize! @post
end
def update
@post = Post.find(params[:id])
authorize! @post
@post.update(post_params) ? redirect_to(@post) : render(:edit)
end
def publish
@post = Post.find(params[:id])
authorize! @post, to: :publish?
@post.publish!
redirect_to @post
end
end
```
### Conditional Rendering
```erb
<% if allowed_to?(:edit?, @post) %>
<%= link_to "Edit", edit_post_path(@post) %>
<% end %>
```
## Policy Scoping
```ruby
class PostPolicy < ApplicationPolicy
relation_scope do |relation|
user.admin? ? relation.all : relation.where(user_id: user.id).or(relation.published)
end
relation_scope(:own) { |relation| relation.where(user_id: user.id) }
relation_scope(:drafts) { |relation| relation.where(user_id: user.id, status: :draft) }
end
# Controller usage
@posts = authorized_scope(Post.all)
@drafts = authorized_scope(Post.all, type: :relation, as: :drafts)
```
## Caching
```ruby
class PostPolicy < ApplicationPolicy
def update?
cache { owner_or_collaborator? } # Cache expensive checks
end
end
# config/initializers/action_policy.rb
ActionPolicy.configure do |config|
config.cache_store = Rails.cache
end
```
## I18n Failure Messages
```yaml
# config/locales/action_policy.en.yml
en:
action_policy:
policy:
post_policy:
update?: "You can only edit your own posts"
destroy?: "You cannot delete a published post"
```
```ruby
class ApplicationController < ActionController::Base
rescue_from ActionPolicy::Unauthorized do |exception|
flash[:alert] = exception.result.message
redirect_back fallback_location: root_path
end
end
```
## Deliverables
When implementing authorization, provide:
1. **Policy Classes**: With rules, scopes, and caching
2. **Controller Integration**: authorize! and allowed_to? usage
3. **Scoping**: For index actions and filtered collections
4. **I18n**: Localized error messages
5. **Tests**: RSpec policy and request specs
6. **GraphQL**: preauthorize for mutations if applicableRelated Skills
adr-decision-extraction
Extract architectural decisions from conversations. Identifies problem-solution pairs, trade-off discussions, and explicit choices. Use when analyzing session transcripts for ADR generation.
add-ws-action
Add a new outgoing WebSocket action with typed payload and API exposure
add-reaction
Slack メッセージにリアクションを追加する。「リアクション追加」「リアクションつけて」「👍つけて」「絵文字で反応」「リアクションで返信」「いいねして」「リアクション送って」などで起動。User Token があればユーザーとしてリアクション、なければ Bot としてリアクション。
github-actions
Create and configure GitHub Actions. Use when building custom actions, setting up runners, implementing security practices, or publishing to the marketplace.
actions-pattern
Garante que novas Actions sigam o padrão de classes actions reutilizáveis do Easy Budget.
actions-debugger
GitHub Actions のワークフロー実行エラーを調査し、原因を特定して解決策を提案する。「Actions エラー」「ワークフロー失敗」「CI が落ちた」「ビルド失敗」「テスト失敗」「Actions を調べて」「CI のエラーを見て」などで起動。失敗したジョブのログを分析し、具体的な修正方法を提示。
actions-cicd-practices
GitHub Actions and CI/CD best practices for automated testing, building, and deployment.
actionbook
This skill should be used when the user needs to automate multi-step website tasks. Activates for browser automation, web scraping, UI testing, or building AI agents. Provides complete action manuals with step-by-step instructions and verified selectors.
actionable-review-format-standards
Standardized output format for code reviews with severity labels, file:line references, and fix code snippets. Use when generating review reports that need consistent, actionable feedback structure.
actionable-alerting-runbook-design
Designing effective alerts and runbooks for incident response. PROACTIVELY activate for: (1) Creating alerting rules, (2) Writing runbooks, (3) Reducing alert fatigue, (4) On-call escalation setup, (5) Incident response procedures. Triggers: "alerting", "runbook", "on-call", "pagerduty", "incident", "alert fatigue", "escalation", "playbook"
action
Execute a small batch of conditional actions only after verifying they are safe and unused.
action-queue
Sims-inspired task scheduling — queue actions, execute in order