IN A NUTSHELL
- Instead of manually checking thousands of lines for security holes or messy formatting, we “teach” Claude to audit the entire codebase automatically.
- By offloading the boring, manual data collation to AI, we generate a professional PDF health score that lets us focus on fixing actual architectural problems.
- We give the AI a set of standards so it doesn’t have to guess how your team works, ensuring tools like Brakeman and RSpec are applied consistently every time.
Developers are lazy. That is usually good! We automate workflows and leverage tools and technology to deliver specifications on time. And working on several projects, we seldom forget critical updates, upgrades, test coverage, and coding standards. With the disruption brought by AI, we can use this technology to cover some of that ground for us and feed back actionable items.
A regular application audit is one of the tedious tasks for developers and companies. A myriad of tools is available to the Ruby and Rails community, but they still require manual execution and data collation. A comprehensive audit utility that can be executed with the help of an AI assistant sounds handy! And if the audit report is delivered in PDF format, it would be fun! So, let’s build one.
Why Claude and Claude Skill?
Claude is a family of advanced large language models (LLMs) and a conversational AI assistant developed by Anthropic. It acts as a chatbot for writing, summarising, coding and analysing. Claude is known for handling large contexts (large enough to hold our entire Ruby on Rails application) and offers specialised versions for reasoning and data analysis.
Skills are a folder of instructions, scripts and resources that Claude loads dynamically to improve its performance on specialised tasks. Skills teach Claude how to complete specific tasks in a repeatable way. This is where our audit requirements come in.
Coverage (initial) of the Audit Report
The initial audit requirements will be:
- Coding standards: Ruby and Rails best practice based on the Ruby Style Guide and Rails Style Guide.
- Testing and coverage: test quality and coverage analysis (adaptable to different test suites and frameworks), based on RSpec best practices and the Rails testing guide.
- Security: vulnerabilities and Rails-specific security issues. Look up the OWASP Top 10 Web Application Security Risks and the Rails security guide, and run Brakeman.
- Architecture: code organisation, design patterns and maintainability.
- Performance: database queries, caching and optimisation opportunities.
The audit should include all the Ruby, test, and configuration files together with the database migration folder. It must respect the .gitignore file, which lists the files and folders to be excluded from the audit.
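As an added example (not code from the rails-audit-claude-skill repository), the Ruby script below shows the two mechanical parts of the security requirement above that a Skill script would otherwise have to collate by hand: selecting the files that fall inside the audit scope while honouring .gitignore, and folding the JSON that `brakeman -f json` emits into a per-confidence summary and a health score. The scope patterns, the simplified .gitignore matcher, the scoring weights and all sample data are assumptions constructed for this example.

```ruby
# Added example, not the Skill's own code: pick the files an audit covers
# (honouring .gitignore) and summarise Brakeman JSON output into a health score.
require "json"

FNM = File::FNM_PATHNAME | File::FNM_EXTGLOB

# Audit scope from the post: Ruby source, tests, configuration and db/migrate.
# (Patterns are assumptions; "config/*" and "config/**/*" both appear so that
# top-level config files match regardless of how "**" treats zero directories.)
SCOPE_PATTERNS = [
  "app/**/*.rb", "lib/**/*.rb", "config/*.{rb,yml}", "config/**/*.{rb,yml}",
  "spec/**/*.rb", "test/**/*.rb", "db/migrate/*.rb"
].freeze

# Simplified .gitignore handling: "dir/" excludes that directory tree, any
# other rule is a glob matched against the full path or the basename.
# Negations ("!pattern") and nested .gitignore files are not handled;
# use `git ls-files` for exact behaviour in a real repository.
def ignored?(path, ignore_rules)
  ignore_rules.any? do |raw|
    rule = raw.strip
    next false if rule.empty? || rule.start_with?("#")
    if rule.end_with?("/")
      path.start_with?(rule) || path.include?("/#{rule}")
    else
      File.fnmatch(rule, path, FNM) || File.fnmatch(rule, File.basename(path))
    end
  end
end

def in_scope?(path)
  SCOPE_PATTERNS.any? { |pattern| File.fnmatch(pattern, path, FNM) }
end

def audit_scope(paths, ignore_rules)
  paths.select { |p| in_scope?(p) && !ignored?(p, ignore_rules) }
end

# Brakeman reports confidence as High, Medium or Weak. Weights are assumed.
CONFIDENCE_WEIGHT = { "High" => 10, "Medium" => 5, "Weak" => 2 }.freeze

# `brakeman -f json` emits a top-level "warnings" array; each entry carries
# warning_type, file, line, message and confidence.
def summarize_brakeman(json_text)
  warnings = JSON.parse(json_text).fetch("warnings", [])
  by_confidence = Hash.new(0)
  by_type = Hash.new(0)
  warnings.each do |w|
    by_confidence[w["confidence"]] += 1
    by_type[w["warning_type"]] += 1
  end
  weight = ->(w) { CONFIDENCE_WEIGHT.fetch(w["confidence"], 1) }
  # Highest-confidence findings first, so the report leads with what matters.
  ordered = warnings.sort_by { |w| [-weight.call(w), w["file"].to_s, w["line"].to_i] }
  {
    total: warnings.size,
    by_confidence: by_confidence,
    by_type: by_type,
    score: [100 - warnings.sum(&weight), 0].max, # 100 means no findings
    findings: ordered.map { |w| "#{w["confidence"]}: #{w["warning_type"]} in #{w["file"]}:#{w["line"]}" }
  }
end

# Constructed sample data (not taken from a real project).
SAMPLE_PATHS = %w[
  app/models/user.rb app/views/users/show.html.erb app/assets/builds/tmp.rb
  config/database.yml config/environments/production.rb
  db/migrate/20240101000000_create_users.rb spec/models/user_spec.rb
  tmp/cache/bootsnap.rb log/development.log vendor/bundle/gems/x.rb README.md
].freeze
SAMPLE_GITIGNORE = ["# build artefacts", "tmp/", "log/", "*.log", "vendor/bundle/", "app/assets/builds/"].freeze
SAMPLE_BRAKEMAN_JSON = <<~BRAKEMAN
  {
    "scan_info": {"app_path": "/srv/app"},
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "file": "app/models/user.rb", "line": 42, "message": "Possible SQL injection"},
      {"warning_type": "Mass Assignment", "confidence": "Medium",
       "file": "app/controllers/users_controller.rb", "line": 17, "message": "Parameters not whitelisted"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Weak",
       "file": "app/views/users/show.html.erb", "line": 5, "message": "Unescaped model attribute"}
    ],
    "ignored_warnings": [], "errors": []
  }
BRAKEMAN

if __FILE__ == $PROGRAM_NAME
  puts "Files in scope:", audit_scope(SAMPLE_PATHS, SAMPLE_GITIGNORE)
  summary = summarize_brakeman(SAMPLE_BRAKEMAN_JSON)
  puts "Security score: #{summary[:score]}/100 (#{summary[:total]} findings)"
  puts summary[:findings]
end
```

In a real repository, replace `SAMPLE_PATHS` with the output of `git ls-files`, which already applies the repository's .gitignore rules exactly (the matcher here covers only directory rules and simple globs), and feed the function the file written by `brakeman -f json -o brakeman.json`. Treat the score as a triage aid rather than a verdict: one High-confidence SQL injection finding outweighs many Weak ones, which is why the findings list is ordered by confidence and not by file.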
The Audit Report
The audit report should follow a format with an executive summary followed by the individual assessments and issues found, delivered as a PDF. Since there are several tools we can use to generate PDFs on different platforms, the Skill should check for the availability of these tools and install what is needed if it cannot find any.
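As an added example (not the Skill's own code), here is how the tool check described in that paragraph can be done in Ruby: look for a converter on PATH in preference order and, when none is found, report what to install rather than installing it unattended. The candidate list, the install hints and the command-line forms are assumptions; the Skill may support different converters.

```ruby
# Added example, not the Skill's own code: find a usable PDF converter on PATH
# and build the conversion command as an argv array.

# Candidates in preference order, with the input format each consumes (assumed).
PDF_TOOLS = [
  { tool: "wkhtmltopdf", input: "html" },
  { tool: "pandoc",      input: "md" },
  { tool: "soffice",     input: "html" } # LibreOffice in headless mode
].freeze

# Assumed install commands, reported to the operator rather than run silently:
# pulling a converter onto a developer machine is a supply-chain decision the
# operator should make knowingly.
INSTALL_HINTS = {
  "wkhtmltopdf" => { "debian" => "apt-get install wkhtmltopdf",
                     "macos"  => "brew install --cask wkhtmltopdf" },
  "pandoc"      => { "debian" => "apt-get install pandoc",
                     "macos"  => "brew install pandoc" },
  "soffice"     => { "debian" => "apt-get install libreoffice-writer",
                     "macos"  => "brew install --cask libreoffice" }
}.freeze

# First directory in `dirs` holding an executable file called `name`, or nil.
def executable_in?(dirs, name)
  dirs.each do |dir|
    candidate = File.join(dir, name)
    return candidate if File.file?(candidate) && File.executable?(candidate)
  end
  nil
end

# Returns {tool:, input:, path:} for the first candidate found, or nil.
def find_pdf_tool(path_dirs = ENV.fetch("PATH", "").split(File::PATH_SEPARATOR),
                  candidates = PDF_TOOLS)
  candidates.each do |c|
    path = executable_in?(path_dirs, c[:tool])
    return c.merge(path: path) if path
  end
  nil
end

# Build the converter invocation as an argv array (for `system(*argv)`) so the
# report path is never interpolated into a shell string.
def build_pdf_command(found, input_path, output_path)
  case found[:tool]
  when "wkhtmltopdf" then [found[:path], input_path, output_path]
  when "pandoc"      then [found[:path], input_path, "-o", output_path]
  when "soffice"     then [found[:path], "--headless", "--convert-to", "pdf",
                           "--outdir", File.dirname(output_path), input_path]
  else raise ArgumentError, "unsupported converter #{found[:tool]}"
  end
end

# One line per candidate with the install command for the given platform.
def missing_tool_report(platform = "debian")
  PDF_TOOLS.map { |c| "#{c[:tool]}: #{INSTALL_HINTS.dig(c[:tool], platform)}" }
end

if __FILE__ == $PROGRAM_NAME
  if (found = find_pdf_tool)
    puts "using #{found[:tool]} at #{found[:path]}"
    puts build_pdf_command(found, "audit-report.#{found[:input]}", "audit-report.pdf").join(" ")
  else
    puts "no PDF converter found; install one of:", missing_tool_report
  end
end
```

Two practical notes: pandoc renders PDF through a PDF engine (LaTeX by default), so on a machine without one it needs `--pdf-engine` pointed at something that is installed; and whether a Skill may install packages on its own is worth deciding explicitly, because a Skill that fetches software extends the trust placed in its instructions to whatever it installs. Printing the hint and leaving the install to the operator is the conservative default.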
The Rails Audit Claude Skill
After some tinkering with Claude I was able to come up with a Claude Skill that would satisfy our initial requirements for the audit. You can check the Rails Audit Skill repo on GitHub: https://github.com/jcuervo/rails-audit-claude-skill.
Testing this Skill on one of my existing projects, it generated a 17-page report! It analysed the overall application health score and gave a summary of all the categories, the score and the number of issues identified.
A summary of the audit scope and a tech stack overview were also presented. Then came the detailed presentation of all the categories, with all the items and the specific files that presented issues. Knowing the problem is half the solution! Now we know which one to prioritise, because each is also marked by severity.
Overall, we can reuse and upgrade this Skill for our existing and future Ruby on Rails applications to identify security issues and coding-standard improvements. This is just a proof of concept. Different organisations and teams adopt coding standards differently. They have their own documentation of their coding and styling standards, which can be used as a reference for this Skill. Some don’t use RSpec and go with vanilla Minitest. So, customisation would make Skills like these flexible and adaptable to different situations.
PS: if you have any questions, ask here.