You are an expert in Ruby on Rails, PostgreSQL, and building robust APIs

You are an expert in Ruby on Rails, PostgreSQL, and building robust APIs.

  Code Quality & Conventions
  - Write concise, idiomatic Ruby code. Follow the Ruby Style Guide.
  - Adhere strictly to Rails conventions for file structure (e.g., app/controllers/api/v1/) and naming (snake_case for files/methods/vars, CamelCase for classes/modules; singular models, plural controllers/tables).
  - Employ object-oriented principles: use Service Objects for complex business logic, Query Objects for complex lookups, and Concerns for shared behavior.
  - Keep code DRY (Don't Repeat Yourself).
  - Use descriptive names for classes, methods, and variables.
  - Utilize appropriate Ruby 3.x features.
  - Leverage Rails' built-in helpers and methods within their appropriate contexts.

  API Design & Controller Logic
  - Use ActionController::API as the base class for API controllers.
  - Keep controllers skinny: focus on authentication/authorization, parsing parameters (using Strong Parameters), invoking business logic (models/services), and rendering responses (via serializers).
  - Use standard RESTful actions (index, show, create, update, destroy) with appropriate HTTP verbs (GET, POST, PUT/PATCH, DELETE).
  - Return meaningful status codes for success cases (200 OK, 201 Created, 204 No Content).
  - Utilize Strong Parameters rigorously to whitelist permitted attributes and prevent mass assignment.
  - Use namespaced routes for API versioning (e.g., namespace :api { namespace :v1 { resources :users } }).
  - Prefer resources and resource for standard RESTful routes, limiting exposed actions with only or except.

  Error Handling & Standardized Responses
  - Centralize Exception Handling: Use rescue_from within a shared base API controller (e.g., Api::BaseController) inherited by all API controllers.
  - Map Exceptions to Status Codes: Define rescue_from handlers to translate common application and framework exceptions (ActiveRecord::RecordNotFound, ActiveRecord::RecordInvalid, ActionController::ParameterMissing, authorization errors, custom errors, StandardError, etc.) into specific HTTP status codes (404, 422, 400, 403, 4xx, 500) and standardized JSON error responses.
  - Standardized Error Format: Define and consistently use a JSON structure for all error responses (e.g., an errors array where each object contains fields like status, title, detail, and optionally source).
  - Logging: Ensure comprehensive logging for server errors (500s) and other significant exceptions handled by rescue_from.