otto 2.0.0.pre1 → 2.0.0.pre3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3de0a572bb6389f8e3f6b64d3295630c1d2f9872734d5840c5c2e5dc89f1fd4
-  data.tar.gz: 41caaa99c08d5646d576b5c15d4392757e541ae00218dd7a3831d4532ee7a30c
+  metadata.gz: abc8be5b60ac2a33d84dd0b89aec0e30797d36a995fdc26db7d9d2e65b28553f
+  data.tar.gz: 003a6c148c47011bbdc185c0035d9788f319b34eaa4bd2067cf06199749abf46
 SHA512:
-  metadata.gz: bbef30e2f11091b5b74c7c20aeead0b118b22bd5a52b77cc23c8901f8dcc58f9465748b1d3c46ae1c2cf0a75b7736d07248d9150a6b9fe28ddc02ef23543ca83
-  data.tar.gz: 765a1cc021e278ca5ff484dd55e49695176c8aac998a3374677026857c27643c237088347fd3b04bbae69f4d6eae2ffec089bffbb7019f339c43c85f6e035668
+  metadata.gz: 0b27bf0132a8648a0b7ba14c33e1c1553196447a34a826463572c2fb005c644cdcbadd9987b1b71787c41cc70332771034ac52bda39e76aaa2947c0b73138470
+  data.tar.gz: c45a50e6420a3a6a072abdbb03177228132359cc52193fdcbac230ea0b6f6aac8c86613190d4cb6be192125db6999510467a3a4a5abe0f1fee46e07e202448aa

data/.github/workflows/ci.yml

@@ -28,8 +28,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - ruby: "3.2"
-            experimental: false
           - ruby: "3.3"
             experimental: false
           - ruby: "3.4"
@@ -41,9 +39,10 @@ jobs:
       - uses: actions/checkout@v5
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
+        continue-on-error: ${{ matrix.experimental }}
         with:
           ruby-version: ${{ matrix.ruby }}
-          bundler-cache: true
+          bundler-cache: ${{ !matrix.experimental }}
 
       - name: Setup tmate session
         uses: mxschmitt/action-tmate@7b6a61a73bbb9793cb80ad69b8dd8ac19261834c # v3

data/.github/workflows/claude-code-review.yml

@@ -2,13 +2,8 @@ name: Claude Code Review
 
 on:
   pull_request:
-    types: [opened, synchronize]
-    # Optional: Only run on specific file changes
-    # paths:
-    #   - "src/**/*.ts"
-    #   - "src/**/*.tsx"
-    #   - "src/**/*.js"
-    #   - "src/**/*.jsx"
+    types: [opened, synchronize, labeled]
+  workflow_dispatch:
 
 jobs:
   claude-review:
@@ -19,6 +14,11 @@ jobs:
     #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
 
     runs-on: ubuntu-latest
+    if: |
+      (github.event.action == 'opened') ||
+      (github.event.action == 'labeled' && github.event.label.name == 'claude-review') ||
+      (github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'claude-review'))
+
     permissions:
       contents: read
       pull-requests: read
@@ -27,16 +27,18 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
       - name: Run Claude Code Review
         id: claude-review
-        uses: anthropics/claude-code-action@v1
+        uses: anthropics/claude-code-action@beta
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          prompt: |
+
+          # Direct prompt for automated review (no @claude mention needed)
+          direct_prompt: |
             Please review this pull request and provide feedback on:
             - Code quality and best practices
             - Potential bugs or issues
@@ -46,8 +48,22 @@ jobs:
 
             Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
 
-            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+          # Use sticky comments to reuse the same comment on subsequent pushes to the same PR
+          use_sticky_comment: true
 
-          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://docs.anthropic.com/en/docs/claude-code/sdk#command-line for available options
-          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+      - name: Remove claude-review label
+        # Remove label whether success or failure - prevents getting stuck
+        if: always() && github.event.action != 'opened'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            try {
+              await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                name: 'claude-review'
+              });
+            } catch (error) {
+              console.log('Label not found or already removed');
+            }

data/.github/workflows/claude.yml

@@ -26,7 +26,7 @@ jobs:
       actions: read # Required for Claude to read CI results on PRs
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

data/.rubocop.yml

@@ -48,7 +48,10 @@ Gemspec/DevelopmentDependencies:
   Enabled: true
 
 Layout/HashAlignment:
-  Enabled: false
+  Enabled: true
+  EnforcedHashRocketStyle: key
+  EnforcedColonStyle: separator
+  EnforcedLastArgumentHashStyle: always_ignore # Changed from ignore_implicit
 
 Lint/Void:
   Enabled: false

data/CHANGELOG.rst

@@ -1,17 +1,65 @@
 CHANGELOG.rst
 =============
 
-All notable changes to Otto are documented here.
-
-The format is based on `Keep a
-Changelog <https://keepachangelog.com/en/1.1.0/>`__, and this project
-adheres to `Semantic
-Versioning <https://semver.org/spec/v2.0.0.html>`__.
+The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.1.0/>`__, and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`__.
 
 .. raw:: html
 
    <!--scriv-insert-here-->
 
+.. _changelog-2.0.0.pre2:
+
+2.0.0.pre2 — 2025-10-11
+=======================
+
+Added
+-----
+
+- Added `StrategyResult` class with improved user model compatibility and cleaner API
+- Helper methods ``authenticated?``, ``has_role?``, ``has_permission?``, ``user_name``, ``session_id`` for cleaner Logic class implementation
+- Added JSON request body parsing support in Logic class handlers
+- Added new modular directory structure under ``lib/otto/security/``
+- Added backward compatibility aliases to maintain existing API compatibility
+- Added proper namespacing for authentication components and middleware classes
+
+Changed
+-------
+
+- **BREAKING**: Logic class constructor signature changed from ``initialize(session, user, params, locale)`` to ``initialize(context, params, locale)``
+- Logic classes now receive an immutable context object instead of separate session/user parameters
+- LogicClassHandler simplified to single arity pattern, removing backward compatibility code
+- Authentication middleware now creates `StrategyResult` instances for all requests
+- Replaced `RequestContext` with `StrategyResult` class for better authentication handling
+- Simplified authentication strategy API to return `StrategyResult` or `nil` for success/failure
+- Enhanced route handlers to support JSON request body parsing
+- Updated authentication middleware to use `StrategyResult` throughout
+- Reorganized Otto security module structure for better maintainability and separation of concerns
+- Moved authentication strategies to ``Otto::Security::Authentication::Strategies`` namespace
+- Moved security middleware to ``Otto::Security::Middleware`` namespace
+- Moved ``StrategyResult`` and ``FailureResult`` to ``Otto::Security::Authentication`` namespace
+
+Removed
+-------
+
+- Removed `RequestContext` class (which was introduced and then replaced by `StrategyResult` during this development cycle)
+- Removed `AuthResult` class from authentication system
+- Removed `ConcurrentCacheStore` example class for an ActiveSupport::Cache::MemoryStore-compatible interface with Rack::Attack
+- Removed OpenStruct dependency across the framework
+
+Documentation
+-------------
+
+- Updated migration guide with comprehensive examples for the new context object and step-by-step conversion instructions
+- Updated Logic class examples in advanced_routes and authentication_strategies to demonstrate new pattern
+- Enhanced documentation with API reference and helper method examples for the new context object
+
+AI Assistance
+-------------
+
+- AI-assisted architectural design for RequestContext Data class and security module reorganization
+- Comprehensive migration of Logic classes and documentation with AI guidance for consistency
+- Automated test validation and intelligent file organization following Ruby conventions
+
 .. _changelog-2.0.0-pre1:
 
 2.0.0-pre1 — 2025-09-10