- fetch models inside services
- validate `user_id` in contracts
- use policy objects
- extract more logic to actions
- write specs for services and actions