RubyGems - plutonium - Versions diffs - 0.26.8 → 0.26.9 - Mend

plutonium 0.26.8 → 0.26.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/config/initializers/sqlite_alias.rb +3 -2
data/docs/.vitepress/config.ts +1 -1
data/docs/guide/{cursor-rules.md → claude-code-guide.md} +14 -15
data/docs/guide/tutorial/01-project-setup.md +1 -1
data/docs/guide/tutorial/04-creating-a-portal.md +1 -1
data/docs/modules/controller.md +45 -0
data/docs/modules/interaction.md +2 -2
data/docs/public/CLAUDE.md +535 -0
data/lib/plutonium/core/controller.rb +2 -0
data/lib/plutonium/interaction/README.md +1 -1
data/lib/plutonium/resource/controllers/crud_actions.rb +7 -7
data/lib/plutonium/resource/controllers/interactive_actions.rb +8 -8
data/lib/plutonium/version.rb +1 -1
metadata +4 -4
data/docs/public/plutonium.mdc +0 -565

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f500aadbdb233a0f38e68d3ce8d0ae90e6a27b68a5d63a5d96265cbaf82de602
-  data.tar.gz: d06ee6233d99cdcb0fa02bf413ec433f9a2820e694df1016c588e420e73860ff
+  metadata.gz: 798edf56262b9bfe08213c2871fa4fbf9e3efd49e88f6e803264daa700705af1
+  data.tar.gz: ebd25511c19d82df27c126e3aac448d33c6470d9e27574d9f6e94b76b74b97e1
 SHA512:
-  metadata.gz: 586131a1db61db7ec366d92d8f4c7bca6ccdfb17de6a022b6bb4157455a34e3f386f7c08eda31817dd6bb40bf12e2730dc45c7751df9229cfe785e40f6877406
-  data.tar.gz: 34b979b70fefb200982490c8f41df44dcd8f0b6804b63c4f691784ec6099a0b4c0b1446c3178512d0a57777ec9c4db8fd7031d0a15861d8f889e5d598343fa1f
+  metadata.gz: 33ef3085ddf812ba77df3e5fb8b9ba5e9e912d7a1577c66bd6c23627526d745e640bb30ff3c64bc83d07820035f7b36839db1dbe85822a08e02bcb976980e0ae
+  data.tar.gz: d0fd12b7b9e4e3a45942cccd5de1cb1ded0217837d364028f3b4453bdf2af383ce4a68e507491601525cbbf7c25fe99a0541afdba7dfd9dd9e6603b6f9c5cfe7

data/config/initializers/sqlite_alias.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 # Alias json to jsonb in SQLite migrations
-ActiveSupport.on_load(:active_record) do
-  next unless ActiveRecord::Base.connection.adapter_name.downcase.include?("sqlite")
+return unless defined?(ActiveRecord::ConnectionAdapters::SQLite3)
+ActiveSupport.on_load(:active_record) do
   ActiveRecord::ConnectionAdapters::SQLite3::TableDefinition.class_eval do
     def jsonb(*args, **options)
       json(*args, **options)

data/docs/.vitepress/config.ts CHANGED Viewed

@@ -63,7 +63,7 @@ export default defineConfig(withMermaid({
         {
           text: "Developer Tools",
           items: [
-            { text: "Cursor Rules", link: "/guide/cursor-rules" },
+            { text: "Claude Code Guide", link: "/guide/claude-code-guide" },
           ]
         }
       ],

data/docs/guide/{cursor-rules.md → claude-code-guide.md} RENAMED Viewed

@@ -1,48 +1,47 @@
 ---
-title: Cursor Rules for Plutonium Development
+title: Claude Code Guide for Plutonium Development
 ---
 <script setup>
 import { withBase } from 'vitepress'
 </script>
-# Cursor Rules for Plutonium Development
+# Claude Code Guide for Plutonium Development
-This page provides comprehensive cursor rules for building Plutonium applications effectively. These rules are designed to help AI assistants and developers understand the framework's patterns and best practices.
+This page provides comprehensive development guidance for building Plutonium applications effectively. This guide is designed to help AI assistants and developers understand the framework's patterns and best practices.
 ## Quick Start
-**Download the Rules File**: <a :href="withBase('/plutonium.mdc')" target="_blank">📄 plutonium.mdc</a>
+**Download the CLAUDE.md File**: <a :href="withBase('/CLAUDE.md')" target="_blank">📄 CLAUDE.md</a>
 **Or download directly from your terminal**:
 ::: code-group
 ```bash [Unix/Linux/macOS/WSL]
-mkdir -p .cursor/rules && curl -o .cursor/rules/plutonium.mdc https://radioactive-labs.github.io/plutonium-core/plutonium.mdc
+curl -o CLAUDE.md https://radioactive-labs.github.io/plutonium-core/CLAUDE.md
 ```
 ```cmd [Windows]
-mkdir .cursor\rules 2>nul & curl -o .cursor\rules\plutonium.mdc https://radioactive-labs.github.io/plutonium-core/plutonium.mdc
+curl -o CLAUDE.md https://radioactive-labs.github.io/plutonium-core/CLAUDE.md
 ```
 :::
-## Using These Rules
+## Using This Guide
-Cursor uses Project Rules stored in `.cursor/rules/` directory:
+Claude Code uses CLAUDE.md files for project-specific context:
-1. **Download the rules file**: Right-click the link above and "Save As" to download the `.plutonium.mdc` file
-2. **Open Cursor Settings** → Rules → Project Rules
-3. **Click "Add new rule"** and give it a name (e.g., "plutonium")
-4. **Copy the downloaded content** into the new rule file
-5. The rule will be saved as `.cursor/rules/plutonium.mdc`
+1. **Download the guide**: Right-click the link above and "Save As" to download the `CLAUDE.md` file
+2. **Place in your project root** as `CLAUDE.md`
+3. **Claude Code automatically loads** this file for project context
+4. **Enhance with your own instructions** by adding project-specific details
-**Legacy Method**: You can also place the downloaded `.plutonium.mdc` file in your project root, but this method is deprecated.
+The guide provides comprehensive patterns and examples for building Plutonium applications with AI assistance.
 ## What's Included
-The cursor rules file contains comprehensive guidelines for:
+The CLAUDE.md guide contains comprehensive guidelines for:
 ### 🏗️ **Framework Architecture**
 - Resource-oriented development patterns

data/docs/guide/tutorial/01-project-setup.md CHANGED Viewed

@@ -63,7 +63,7 @@ plutonium_blog/
 Let's boot up the Rails server to make sure everything is working correctly.
 ```bash
-rails server
+bin/dev
 ```
 Open your web browser and navigate to [http://localhost:3000](http://localhost:3000). You should see the default Rails welcome page.

data/docs/guide/tutorial/04-creating-a-portal.md CHANGED Viewed

@@ -85,7 +85,7 @@ There's one last step. We need to tell our main Rails application how to handle
 ## See it in Action!
-Let's check our progress. Start your Rails server (`rails s`) and navigate to [http://localhost:3000](http://localhost:3000).
+Let's check our progress. Start your Rails server (`bin/dev`) and navigate to [http://localhost:3000](http://localhost:3000).
 You will be redirected to `/dashboard` and should see the login page.

data/docs/modules/controller.md CHANGED Viewed

@@ -120,6 +120,7 @@ end
 - **Enhanced Flash Messages**: Extended message types (`:success`, `:warning`, `:error`)
 - **View Integration**: Automatic view path resolution and layout management
 - **Resource Management**: Access to registered resources and metadata
+- **CSRF Protection**: Automatic CSRF protection with smart handling for API requests
 **Essential Methods:**
 ```ruby
@@ -385,6 +386,50 @@ resource_url_for(Post, parent: @user)     # => "/users/123/nested_posts"
 Plutonium automatically handles different response formats for you.
 It currently supports HTML, JSON, and Turbo Streams.
+### CSRF Protection
+Plutonium provides intelligent CSRF (Cross-Site Request Forgery) protection that automatically adapts to different request types:
+```ruby
+# Automatically configured in Plutonium::Core::Controller
+protect_from_forgery with: :null_session, if: -> { request.headers['Authorization'].present? }
+```
+**How It Works:**
+- **Session-based requests** (typical web forms, SPA AJAX calls): Full CSRF protection is enforced
+- **Token-based requests** (API calls with Authorization headers): CSRF protection is skipped using `:null_session`
+**Security Benefits:**
+- SPAs using session cookies remain protected against CSRF attacks
+- API clients using Bearer tokens, Basic auth, or other Authorization headers bypass CSRF (as intended)
+- No configuration needed - works automatically based on request characteristics
+**Authorization Header Examples:**
+```http
+# These requests will skip CSRF protection:
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...
+Authorization: Basic dXNlcjpwYXNzd29yZA==
+Authorization: ApiKey abc123
+```
+**For SPA Development:**
+If your SPA uses session-based authentication, include CSRF tokens in your AJAX requests:
+```javascript
+// Include CSRF token in meta tags
+<%= csrf_meta_tags %>
+// Send token in AJAX requests
+fetch('/api/posts', {
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'X-CSRF-Token': document.querySelector('[name="csrf-token"]').content
+  },
+  body: JSON.stringify(data)
+})
+```
 ## Related Modules
 The Controller module works seamlessly with other Plutonium components:

data/docs/modules/interaction.md CHANGED Viewed

@@ -119,7 +119,7 @@ Handles controller responses after successful interactions.
 **Render Response**
 ```ruby
 .with_render_response(:show, locals: { user: user })
-.with_render_response(:edit, status: :unprocessable_entity)
+.with_render_response(:edit, status: :unprocessable_content)
 ```
 **File Response**
@@ -147,7 +147,7 @@ class ApplicationController < ActionController::Base
       end
     else
       outcome.messages.each { |msg, type| flash.now[type || :error] = msg }
-      render json: { errors: outcome.errors }, status: :unprocessable_entity
+      render json: { errors: outcome.errors }, status: :unprocessable_content
     end
   end
 end