plutonium 0.58.1 → 0.60.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4aacffd8e85ac820827b65cc219e00cded934d37d879756ea808a8f9ba86fc26
-  data.tar.gz: bc6d63a46c46f0f01b2351590b36ee54108a29372c4f9aa1d0d3922ab014f334
+  metadata.gz: 3fa2b8cea268efcf47ef9f1d599f0899ad89c86fb63b3bc7faa8451da9ddae14
+  data.tar.gz: 4c10a0e528713d73ab87012443ac6b1032c633487cf57b231bc1d956061b6aa0
 SHA512:
-  metadata.gz: d29f628a11fdff4163c3430d225912902d07481fef1bc23bdacb23390cda5a063a604a3432929938a1c37bf7afc04aea643f1c0400d99478be62314d3ec8be89
-  data.tar.gz: 52b66cfe37dde6f57dcb2cda8d8ab9369e585d0f8847d4af0e35b78f3af4bd5bad20a6c0de2840c872bc37fe34b45343538001308bd822c5f3bbc399b44e2b1b
+  metadata.gz: fdd98d0175ac22901548a4eb9dd82b52877aaec986dad07b635999a5b2a6bcccc52cc4b3034c85c3199657cd1c8c6dc496d6a8e9463b9f7de783fc504d8aa992
+  data.tar.gz: d59318593eb59b0976fb4a15f78b7a05a83c891ff0c2fb768610ee7ed8e6073f91812a6828b43ed19503d6b906431eb6b41b11cb5f1048c39cb2e638a277c9a5

data/.claude/skills/plutonium-auth/SKILL.md

@@ -70,7 +70,7 @@ rails generate pu:rodauth:account user [options]
 
 ### Admin account — `pu:rodauth:admin`
 
-Pre-configured secure admin with multi-phase login, required TOTP, recovery codes, lockout, active session tracking, audit logging, role-based access, invite interaction, and **no public signup**.
+Pre-configured secure admin with multi-phase login, required TOTP, recovery codes, lockout, active session tracking, audit logging, role-based access, invite + resend-invite interactions, and **no public signup**.
 
 ```bash
 rails generate pu:rodauth:admin admin
@@ -89,6 +89,12 @@ rails generate pu:rodauth:admin admin --extra-attributes=name:string,department:
 enum :role, super_admin: 0, admin: 1
 ```
 
+**Invite + resend actions.** The admin resource gets two actions:
+- **Invite** — invite a new admin by email; they set their password via the verification link.
+- **Resend invitation** — re-send that verification email, shown only for admins who haven't verified yet.
+
+This is Rodauth account verification — distinct from the tenancy invitation system (see [[plutonium-tenancy]]).
+
 Rake task for direct admin creation (namespace is `rodauth`, task name is the account name):
 
 ```bash

data/.claude/skills/plutonium-behavior/SKILL.md

@@ -375,6 +375,9 @@ end
 | `new?` | `create?` | Rarely needed |
 | `edit?` | `update?` | Rarely needed |
 | `search?` | `index?` | Search-specific rules |
+| `typeahead?` | `index?` | Autocomplete-specific rules |
+
+`export_csv?` is the exception — it defaults to `false` (not derived) so CSV export is strictly opt-in. Override it to `true` (or `index?`) to enable the built-in export. The exported column set is `permitted_attributes_for_export` (defaults to `permitted_attributes_for_index`). See [[plutonium-resource]] → CSV Export.
 
 ### Custom actions
 
@@ -423,6 +426,7 @@ end
 | `permitted_attributes_for_show` | `permitted_attributes_for_read` |
 | `permitted_attributes_for_new` | `permitted_attributes_for_create` |
 | `permitted_attributes_for_edit` | `permitted_attributes_for_update` |
+| `permitted_attributes_for_export` | `permitted_attributes_for_index` (CSV export columns; primary key is always prepended) |
 
 ### Per-action override
 

data/.claude/skills/plutonium-resource/SKILL.md

@@ -1290,6 +1290,55 @@ end
 - **Immediate** — interaction has only `:resource` (or `:resources`) and no other inputs. Shows an auto-generated browser confirmation (`"#{label}?"`, e.g. `"Archive?"`) on click, then runs. Pass `confirmation: "Custom message"` to override, or `confirmation: false` to skip.
 - **Form** — interaction declares extra `attribute`/`input` beyond `:resource`/`:resources`. Renders a modal form first; no auto-confirmation (the form itself is the confirmation step).
 
+## CSV Export (built-in)
+
+Every resource has a streamed CSV export, **disabled by default**. It is not declared
+with `action :export_csv` — it's a policy-gated capability with its own split button.
+The route (`GET /<resources>/export_csv`) is auto-mounted; the button appears on the
+index page once the policy permits it. Enable it by overriding one policy method:
+
+```ruby
+class PostPolicy < ResourcePolicy
+  def export_csv? = true          # or `index?` to mirror list access
+end
+```
+
+**Two exports** (split button in the index toolbar, after Filter):
+- **Export** (primary) — the current view: selected scope + filters + search (the
+  index's `?q`), all matching rows (not just the visible page). File: `posts_<date>.csv`.
+- **Export all** (dropdown) — the entire authorized scope, ignoring scope/filters/
+  search (`?all=1`). File: `posts_all_<date>.csv`.
+
+Both stream via `find_each` (memory-safe on large tables; primary-key order, so the
+file does not preserve the index sort).
+
+- **Columns** = `permitted_attributes_for_export` (defaults to the index columns),
+  with the **primary key always first**. Override to tailor:
+
+```ruby
+def permitted_attributes_for_export = [:title, :author, :total, :created_at]
+```
+
+- **Per-field output** — customize a cell's value and header in the definition with
+  the `export` DSL (parallels `display`/`column`):
+
+```ruby
+class PostDefinition < ResourceDefinition
+  export :author, label: "Author email", &->(post) { post.author.email }
+  export :total,                          &->(post) { post.total.format }
+end
+```
+
+- **Without** an `export` block a column is read off the record: scalars as-is,
+  associations as their `display_name_of` label (e.g. `User #5`, not `#<User:…>`). A
+  computed/virtual column with no real method **needs** an `export` block (a `label:`-only
+  `export` doesn't supply a value) — otherwise the cell renders `<<invalid column>>`.
+- **CSV/formula injection** is neutralized automatically (cells starting with `= + - @` or
+  tab/CR get a leading `'`).
+
+The button opens in a new tab (so the streamed download bypasses Turbo). Full reference:
+`docs/reference/resource/export.md`.
+
 ---
 
 ## Related Skills

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## [0.60.0] - 2026-06-14
+
+### 🚀 Features
+
+- *(generators)* Add resend-invite action to rodauth admin
+- *(forms)* Form sectioning DSL (form_layout / section / ungrouped) (#61)
+## [0.59.0] - 2026-06-13
+
+### 🚀 Features
+
+- *(resource)* Add built-in policy-gated CSV export
+
+### 🐛 Bug Fixes
+
+- *(generators)* Configure solid_errors reading connection and env lookup
+- *(query)* Resolve association filter class via resource_class reflection
 ## [0.58.1] - 2026-06-10
 
 ### 🐛 Bug Fixes