plutonium 0.47.0 → 0.49.0

data/config/initializers/pagy.rb

@@ -3,4 +3,4 @@ require "pagy/toolbox/helpers/support/series"
 
 # Allow clients to override the page size via the `limit` param.
 # Without this, Pagy::Request#resolve_limit ignores the param entirely.
-Pagy::OPTIONS[:client_max_limit] = 100
+Pagy::OPTIONS[:max_limit] = 100

data/docs/public/templates/plutonium.rb

@@ -23,6 +23,9 @@ after_bundle do
   generate "pu:gem:letter_opener"
   git(add: ".") && git(commit: %( -m 'add letter_opener' ))
 
+  generate "pu:gem:actual_db_schema"
+  git(add: ".") && git(commit: %( -m 'add actual_db_schema' ))
+
   generate "pu:core:assets"
   git(add: ".") && git(commit: %( -m 'integrate assets' ))
 end

data/gemfiles/rails_7.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.45.3)
+    plutonium (0.48.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 43.0)
@@ -100,6 +100,8 @@ GEM
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     ansi (1.5.0)
     appraisal (2.5.0)
       bundler
@@ -118,6 +120,15 @@ GEM
     bundler-audit (0.9.3)
       bundler (>= 1.2.0)
       thor (~> 1.0)
+    capybara (3.40.0)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.11)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
     cgi (0.5.1)
     chunky_png (1.4.0)
     combustion (1.5.0)
@@ -174,6 +185,7 @@ GEM
       net-pop
       net-smtp
     marcel (1.1.0)
+    matrix (0.4.3)
     mini_mime (1.1.5)
     minitest (6.0.2)
       drb (~> 2.0)
@@ -265,6 +277,7 @@ GEM
     psych (5.3.1)
       date
       stringio
+    public_suffix (7.0.5)
     puma (7.2.0)
       nio4r (~> 2.0)
     rabl (0.17.0)
@@ -325,6 +338,7 @@ GEM
     regexp_parser (2.11.3)
     reline (0.6.3)
       io-console (~> 0.5)
+    rexml (3.4.4)
     roda (3.102.0)
       rack
     rodauth (2.42.0)
@@ -362,7 +376,14 @@ GEM
       rubocop-ast (>= 1.47.1, < 2.0)
     ruby-next-core (1.2.0)
     ruby-progressbar (1.13.0)
+    rubyzip (3.2.2)
     securerandom (0.4.1)
+    selenium-webdriver (4.43.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 4.0)
+      websocket (~> 1.0)
     semantic_range (3.1.1)
     sequel (5.102.0)
       bigdecimal
@@ -419,11 +440,14 @@ GEM
     unicode-emoji (4.2.0)
     uri (1.1.1)
     useragent (0.16.11)
+    websocket (1.2.11)
     websocket-driver (0.8.0)
       base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     wisper (2.0.1)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
     yaml (0.4.0)
     zeitwerk (2.7.5)
 
@@ -442,6 +466,7 @@ DEPENDENCIES
   bcrypt
   brakeman
   bundle-audit
+  capybara
   combustion
   importmap-rails
   minitest
@@ -454,6 +479,7 @@ DEPENDENCIES
   rodauth-rails
   rotp
   rqrcode
+  selenium-webdriver
   sequel-activerecord_connection
   sqlite3
   standard

data/gemfiles/rails_8.0.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.45.3)
+    plutonium (0.48.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 43.0)
@@ -98,6 +98,8 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     ansi (1.5.0)
     appraisal (2.5.0)
       bundler
@@ -116,6 +118,15 @@ GEM
     bundler-audit (0.9.3)
       bundler (>= 1.2.0)
       thor (~> 1.0)
+    capybara (3.40.0)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.11)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
     chunky_png (1.4.0)
     combustion (1.5.0)
       activesupport (>= 3.0.0)
@@ -164,6 +175,7 @@ GEM
       net-pop
       net-smtp
     marcel (1.1.0)
+    matrix (0.4.3)
     mini_mime (1.1.5)
     minitest (6.0.2)
       drb (~> 2.0)
@@ -241,6 +253,7 @@ GEM
     psych (5.3.1)
       date
       stringio
+    public_suffix (7.0.5)
     puma (7.2.0)
       nio4r (~> 2.0)
     rabl (0.17.0)
@@ -300,6 +313,7 @@ GEM
     regexp_parser (2.11.3)
     reline (0.6.3)
       io-console (~> 0.5)
+    rexml (3.4.4)
     roda (3.102.0)
       rack
     rodauth (2.42.0)
@@ -337,7 +351,14 @@ GEM
       rubocop-ast (>= 1.47.1, < 2.0)
     ruby-next-core (1.2.0)
     ruby-progressbar (1.13.0)
+    rubyzip (3.2.2)
     securerandom (0.4.1)
+    selenium-webdriver (4.43.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 4.0)
+      websocket (~> 1.0)
     semantic_range (3.1.1)
     sequel (5.102.0)
       bigdecimal
@@ -387,11 +408,14 @@ GEM
     unicode-emoji (4.2.0)
     uri (1.1.1)
     useragent (0.16.11)
+    websocket (1.2.11)
     websocket-driver (0.8.0)
       base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     wisper (2.0.1)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
     yaml (0.4.0)
     zeitwerk (2.7.5)
 
@@ -403,6 +427,7 @@ DEPENDENCIES
   bcrypt
   brakeman
   bundle-audit
+  capybara
   combustion
   importmap-rails
   minitest
@@ -415,6 +440,7 @@ DEPENDENCIES
   rodauth-rails
   rotp
   rqrcode
+  selenium-webdriver
   sequel-activerecord_connection
   sqlite3
   standard

data/gemfiles/rails_8.1.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.46.0)
+    plutonium (0.48.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 43.0)
@@ -101,6 +101,8 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     ansi (1.5.0)
     appraisal (2.5.0)
       bundler
@@ -118,6 +120,15 @@ GEM
     bundler-audit (0.9.3)
       bundler (>= 1.2.0)
       thor (~> 1.0)
+    capybara (3.40.0)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.11)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
     chunky_png (1.4.0)
     combustion (1.5.0)
       activesupport (>= 3.0.0)
@@ -166,6 +177,7 @@ GEM
       net-pop
       net-smtp
     marcel (1.1.0)
+    matrix (0.4.3)
     mini_mime (1.1.5)
     minitest (6.0.2)
       drb (~> 2.0)
@@ -243,6 +255,7 @@ GEM
     psych (5.3.1)
       date
       stringio
+    public_suffix (7.0.5)
     puma (7.2.0)
       nio4r (~> 2.0)
     rabl (0.17.0)
@@ -302,6 +315,7 @@ GEM
     regexp_parser (2.11.3)
     reline (0.6.3)
       io-console (~> 0.5)
+    rexml (3.4.4)
     roda (3.102.0)
       rack
     rodauth (2.42.0)
@@ -339,7 +353,14 @@ GEM
       rubocop-ast (>= 1.47.1, < 2.0)
     ruby-next-core (1.2.0)
     ruby-progressbar (1.13.0)
+    rubyzip (3.2.2)
     securerandom (0.4.1)
+    selenium-webdriver (4.43.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 4.0)
+      websocket (~> 1.0)
     semantic_range (3.1.1)
     sequel (5.102.0)
       bigdecimal
@@ -389,11 +410,14 @@ GEM
     unicode-emoji (4.2.0)
     uri (1.1.1)
     useragent (0.16.11)
+    websocket (1.2.11)
     websocket-driver (0.8.0)
       base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     wisper (2.0.1)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
     yaml (0.4.0)
     zeitwerk (2.7.5)
 
@@ -405,6 +429,7 @@ DEPENDENCIES
   bcrypt
   brakeman
   bundle-audit
+  capybara
   combustion
   importmap-rails
   minitest
@@ -417,6 +442,7 @@ DEPENDENCIES
   rodauth-rails
   rotp
   rqrcode
+  selenium-webdriver
   sequel-activerecord_connection
   sqlite3
   standard

data/lib/generators/pu/gem/actual_db_schema/actual_db_schema_generator.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative "../../lib/plutonium_generators"
+
+module Pu
+  module Gem
+    # Installs actual_db_schema, which tracks phantom migrations across git
+    # branches so switching branches with diverging migration sets doesn't
+    # leave db/schema.rb out of sync.
+    #
+    # https://github.com/share-group/actual_db_schema
+    class ActualDbSchemaGenerator < Rails::Generators::Base
+      include PlutoniumGenerators::Generator
+
+      desc "Install the actual_db_schema gem"
+
+      def start
+        bundle "actual_db_schema", group: %i[development test]
+      rescue => e
+        exception "#{self.class} failed:", e
+      end
+    end
+  end
+end

data/lib/generators/pu/lib/plutonium_generators/concerns/configures_sqlite.rb

@@ -55,7 +55,7 @@ module PlutoniumGenerators
           end.compact!
         end
 
-        def new_database(name, migrations_paths: nil)
+        def new_database(name, migrations_paths: nil, schema_dump: nil)
           migrations_paths ||= "db/#{name}_migrate"
           db = Psych::Nodes::Mapping.new(name)
           db.children.concat [
@@ -66,6 +66,12 @@ module PlutoniumGenerators
             Psych::Nodes::Scalar.new("database"),
             Psych::Nodes::Scalar.new("storage/<%= Rails.env %>-#{name}.sqlite3")
           ]
+          unless schema_dump.nil?
+            db.children.concat [
+              Psych::Nodes::Scalar.new("schema_dump"),
+              Psych::Nodes::Scalar.new(schema_dump.to_s)
+            ]
+          end
           "\n" + emit_pair(Psych::Nodes::Scalar.new(name), db)
         end
 
@@ -91,10 +97,10 @@ module PlutoniumGenerators
         @database_yaml ||= DatabaseYAML.new(path: File.expand_path("config/database.yml", destination_root))
       end
 
-      def add_sqlite_database(name, migrations_paths: nil)
+      def add_sqlite_database(name, migrations_paths: nil, schema_dump: nil)
         # Define the new database configuration
         insert_into_file "config/database.yml",
-          database_yaml.new_database(name, migrations_paths: migrations_paths) + "\n",
+          database_yaml.new_database(name, migrations_paths: migrations_paths, schema_dump: schema_dump) + "\n",
           after: database_yaml.database_def_regex("default"),
           verbose: false,
           force: false

data/lib/generators/pu/lite/rails_pulse/rails_pulse_generator.rb

@@ -51,10 +51,13 @@ module Pu
         end
 
         # Then add database config
-        add_sqlite_database(@db_name, migrations_paths: "db/rails_pulse_migrate")
+        add_sqlite_database(@db_name, migrations_paths: "db/rails_pulse_migrate", schema_dump: false)
 
-        # Finally prepare the database (runs migration that loads schema)
-        prepare_database(@db_name)
+        # rails_pulse ships a callable schema lambda; load it idempotently
+        # against the rails_pulse connection.
+        Bundler.with_unbundled_env do
+          run "bin/rails db:schema:load_rails_pulse"
+        end
       end
 
       def mount_rails_pulse_engine

data/lib/generators/pu/lite/rails_pulse/templates/config/initializers/rails_pulse.rb.tt

@@ -6,6 +6,24 @@ RailsPulse.configure do |config|
 
   # Asset tracking (disable to reduce noise)
   config.track_assets = false
+
+  # Background job tracking (off by default in the gem; enabling mounts /jobs)
+  config.track_jobs = true
+
+  # Don't capture job arguments — they may contain sensitive data
+  config.capture_job_arguments = false
+
+  # Match the engine mount so Pulse doesn't self-track its own dashboard
+  config.mount_path = "<%= options[:route] %>"
+
+  # Auth is handled upstream by ManagementConstraint in routes.rb;
+  # disable the gem's built-in auth to avoid double prompts.
+  config.authentication_enabled = false
+
+  # Skip Rails' default health check and other mounted management engines
+  # (mission_control-jobs, solid_errors, litestream, etc.) so they don't
+  # pollute the application route list.
+  config.ignored_routes = ["/up", "/cable", %r{^/manage/}]
 <%- if options[:database] -%>
 
   # Use separate database for performance data

data/lib/plutonium/action/interactive.rb

@@ -31,7 +31,8 @@ module Plutonium
       #
       # @return [String, nil] The confirmation message or nil if not applicable
       def confirmation
-        super || (@immediate ? "#{label}?" : nil)
+        return @confirmation unless @confirmation.nil?
+        @immediate ? "#{label}?" : nil
       end
 
       # Factory for creating Interactive actions

data/lib/plutonium/core/controller.rb

@@ -18,7 +18,14 @@ module Plutonium
               raise exception
             end
             format.any do
-              @errors = ActiveModel::Errors.new(exception.policy.record)
+              # ActionPolicy stores the policy *class* on the exception
+              # (see ActionPolicy::Unauthorized#initialize), so reach for the
+              # live policy instance instead. Its record may itself be a Class
+              # for collection actions where no record is loaded — instantiate
+              # so ActiveModel::Errors has a real model instance to work with.
+              record = current_policy.record
+              record = record.new if record.is_a?(Class)
+              @errors = ActiveModel::Errors.new(record)
               @errors.add(:base, :unauthorized, message: exception.result.message)
               render "errors", status: :forbidden
             end
@@ -248,8 +255,8 @@ module Plutonium
         end
 
         # Build named route helper, mirroring the pattern used by build_nested_resource_url_args.
-        # e.g., "organization_scope_widgets" (collection), "organization_scope_widget" (member),
-        #        "edit_organization_scope_widget" (edit action)
+        # e.g., "organization_scoped_widgets" (collection), "organization_scoped_widget" (member),
+        #        "edit_organization_scoped_widget" (edit action)
         is_collection_action = action == :index || action == :create || (no_record && action != :new)
         helper_base = if is_singular || is_collection_action
           model_class.model_name.plural

data/lib/plutonium/engine.rb

@@ -19,7 +19,7 @@ module Plutonium
         # time — they're stable strings and don't depend on the live class
         # identity, so caching them is safe.
         resolved = @scoped_entity_class_name.constantize
-        @scoped_entity_param_key = param_key || :"#{resolved.model_name.singular_route_key}_scope"
+        @scoped_entity_param_key = param_key || :"#{resolved.model_name.singular_route_key}_scoped"
         @scoped_entity_route_key = route_key || resolved.model_name.singular.to_sym
       end
 

data/lib/plutonium/helpers/turbo_stream_actions_helper.rb

@@ -2,7 +2,26 @@ module Plutonium
   module Helpers
     module TurboStreamActionsHelper
       def turbo_stream_redirect(url)
-        turbo_stream_action_tag :redirect, url:
+        if turbo_stream_redirect_same_page?(url)
+          turbo_stream_action_tag :refresh
+        else
+          turbo_stream_action_tag :redirect, url:
+        end
+      end
+
+      private
+
+      def turbo_stream_redirect_same_page?(url)
+        return false if request.referer.blank?
+        turbo_stream_redirect_normalize_url(url) == turbo_stream_redirect_normalize_url(request.referer)
+      end
+
+      def turbo_stream_redirect_normalize_url(url)
+        uri = URI.parse(url.to_s)
+        path = uri.path.to_s.chomp("/").presence || "/"
+        [path, uri.query].compact.join("?")
+      rescue URI::InvalidURIError
+        url.to_s
       end
     end
   end

data/lib/plutonium/rodauth/controller_methods.rb

@@ -15,7 +15,11 @@ module Plutonium
       private
 
       def root_path
-        rodauth.login_redirect
+        if main_app.routes.url_helpers.respond_to?(:root_path)
+          main_app.root_path
+        else
+          rodauth.login_redirect
+        end
       end
     end
   end

data/lib/plutonium/ui/action_button.rb

@@ -64,7 +64,7 @@ module Plutonium
           form: {
             data: {
               turbo: @action.turbo,
-              turbo_confirm: @action.confirmation,
+              turbo_confirm: @action.confirmation.presence,
               turbo_frame: @action.turbo_frame
             }
           }

data/lib/plutonium/ui/color_mode_selector.rb

@@ -6,32 +6,21 @@ module Plutonium
     # @example Basic usage
     #   render ColorModeSelector.new
     class ColorModeSelector < Plutonium::UI::Component::Base
-      # Common CSS classes used across the component
-      COMMON_CLASSES = {
-        button: "inline-flex justify-center items-center p-2 text-[var(--pu-text-muted)] rounded-[var(--pu-radius-md)] cursor-pointer hover:text-[var(--pu-text)] hover:bg-[var(--pu-surface-alt)] transition-colors duration-200",
-        icon: "w-5 h-5"
-      }.freeze
+      BUTTON_CLASSES = "inline-flex justify-center items-center p-2 text-[var(--pu-text-muted)] rounded-[var(--pu-radius-md)] cursor-pointer hover:text-[var(--pu-text)] hover:bg-[var(--pu-surface-alt)] transition-colors duration-200"
+      ICON_SIZE = 18
+      ICON_STROKE = 1.5
 
-      # Available color modes with their associated icons and actions
-      COLOR_MODES = [
-        {mode: "light", icon: Phlex::TablerIcons::Sun, action: "setLightColorMode"},
-        {mode: "dark", icon: Phlex::TablerIcons::Moon, action: "setDarkColorMode"}
-      ].freeze
-
-      # Renders the color mode selector
-      # @return [void]
       def view_template
         button(
           type: "button",
-          class: COMMON_CLASSES[:button],
+          class: BUTTON_CLASSES,
           data_controller: "color-mode",
           data_action: "click->color-mode#toggleMode",
-          data_color_mode_current_value: "light", # Default to light mode
           title: "Toggle color mode"
         ) do
-          # Both icons rendered, only one visible at a time
-          render Phlex::TablerIcons::Sun.new(class: "#{COMMON_CLASSES[:icon]} color-mode-icon-light", data: {color_mode_icon: "light"})
-          render Phlex::TablerIcons::Moon.new(class: "#{COMMON_CLASSES[:icon]} color-mode-icon-dark", data: {color_mode_icon: "dark"})
+          render Phlex::TablerIcons::DeviceDesktop.new(size: ICON_SIZE, stroke: ICON_STROKE, class: "color-mode-icon-auto")
+          render Phlex::TablerIcons::Sun.new(size: ICON_SIZE, stroke: ICON_STROKE, class: "color-mode-icon-light hidden")
+          render Phlex::TablerIcons::Moon.new(size: ICON_SIZE, stroke: ICON_STROKE, class: "color-mode-icon-dark hidden")
         end
       end
     end

data/lib/plutonium/ui/layout/rodauth_layout.rb

@@ -15,6 +15,12 @@ module Plutonium
           class: "flex flex-col items-center justify-center gap-2 px-6 py-8 mx-auto lg:py-0"
         })
 
+        def render_before_main
+          div(class: "absolute top-4 right-4") {
+            render Plutonium::UI::ColorModeSelector.new
+          }
+        end
+
         def render_content(&)
           render_logo
 

data/lib/plutonium/ui/table/components/pagy_info.rb

@@ -55,7 +55,7 @@ module Plutonium
           end
 
           def page_url(limit)
-            @pagy.page_url(@pagy.page, limit: limit, client_max_limit: limit)
+            @pagy.page_url(@pagy.page, limit: limit, max_limit: limit)
           end
         end
       end

data/lib/plutonium/version.rb

@@ -1,5 +1,5 @@
 module Plutonium
-  VERSION = "0.47.0"
+  VERSION = "0.49.0"
   NEXT_MAJOR_VERSION = VERSION.split(".").tap { |v|
     v[1] = v[1].to_i + 1
     v[2] = 0

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@radioactive-labs/plutonium",
-  "version": "0.47.0",
+  "version": "0.49.0",
   "description": "Build production-ready Rails apps in minutes, not days. Convention-driven, fully customizable, AI-ready.",
   "type": "module",
   "main": "src/js/core.js",

data/plutonium.gemspec

@@ -16,6 +16,22 @@ Gem::Specification.new do |spec|
 
   spec.metadata["allowed_push_host"] = "https://rubygems.org"
 
+  spec.post_install_message = <<~MSG
+    ⚠️  Plutonium #{Plutonium::VERSION} — breaking change
+
+    Entity-scoped URL helpers and path params have been renamed from
+    `<entity>_scope_*` to `<entity>_scoped_*`.
+
+    Examples:
+      organization_scope_widgets_path  →  organization_scoped_widgets_path
+      params[:organization_scope]      →  params[:organization_scoped]
+
+    If you reference these helpers or params directly (e.g. in tests, custom
+    redirects, or hand-written links), update them to the new names.
+
+    Apps that only use `resource_url_for` are unaffected.
+  MSG
+
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/radioactive-labs/plutonium-core"
   # spec.metadata["changelog_uri"] = "https://google.com"
@@ -60,6 +76,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundle-audit"
   spec.add_development_dependency "appraisal"
   spec.add_development_dependency "combustion"
+  spec.add_development_dependency "capybara"
+  spec.add_development_dependency "selenium-webdriver"
 
   # For more information and examples about making a new gem, check out our
   # guide at: https://bundler.io/guides/creating_gem.html