rhales 0.4.0 → 0.5.3

metadata

@@ -1,14 +1,56 @@
 --- !ruby/object:Gem::Specification
 name: rhales
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.3
 platform: ruby
 authors:
 - delano
 bindir: exe
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json_schemer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tilt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
 description: |
   Rhales is a framework for building server-rendered components with
   client-side data hydration using .rue files called RSFCs (Ruby
@@ -23,39 +65,115 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CLAUDE.locale.txt
+- ".github/renovate.json5"
+- ".github/workflows/ci.yml"
+- ".github/workflows/claude-code-review.yml"
+- ".github/workflows/claude.yml"
+- ".github/workflows/code-smells.yml"
+- ".github/workflows/ruby-lint.yml"
+- ".github/workflows/yardoc.yml"
+- ".gitignore"
+- ".pr_agent.toml"
+- ".pre-commit-config.yaml"
+- ".prettierignore"
+- ".prettierrc"
+- ".reek.yml"
+- ".rubocop.yml"
+- ".serena/.gitignore"
+- ".yardopts"
+- CHANGELOG.md
 - CLAUDE.md
+- Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
+- Rakefile
+- debug_context.rb
+- demo/rhales-roda-demo/.gitignore
+- demo/rhales-roda-demo/Gemfile
+- demo/rhales-roda-demo/Gemfile.lock
+- demo/rhales-roda-demo/MAIL.md
+- demo/rhales-roda-demo/README.md
+- demo/rhales-roda-demo/RODA-TEMPLATE-ENGINES.md
+- demo/rhales-roda-demo/Rakefile
+- demo/rhales-roda-demo/app.rb
+- demo/rhales-roda-demo/bin/rackup
+- demo/rhales-roda-demo/config.ru
+- demo/rhales-roda-demo/db/migrate/001_create_rodauth_tables.rb
+- demo/rhales-roda-demo/db/migrate/002_create_rodauth_password_tables.rb
+- demo/rhales-roda-demo/db/migrate/003_add_admin_account.rb
+- demo/rhales-roda-demo/templates/change_login.rue
+- demo/rhales-roda-demo/templates/change_password.rue
+- demo/rhales-roda-demo/templates/close_account.rue
+- demo/rhales-roda-demo/templates/create_account.rue
+- demo/rhales-roda-demo/templates/dashboard.rue
+- demo/rhales-roda-demo/templates/home.rue
+- demo/rhales-roda-demo/templates/layouts/main.rue
+- demo/rhales-roda-demo/templates/login.rue
+- demo/rhales-roda-demo/templates/logout.rue
+- demo/rhales-roda-demo/templates/reset_password.rue
+- demo/rhales-roda-demo/templates/verify_account.rue
+- demo/rhales-roda-demo/test_full_output.rb
+- demo/rhales-roda-demo/test_simple.rb
+- docs/.gitignore
+- docs/architecture/data-flow.md
+- examples/dashboard-with-charts.rue
+- examples/form-with-validation.rue
+- examples/simple-page.rue
+- examples/vue.rue
+- generate-json-schemas.ts
+- json_schemer_migration_summary.md
 - lib/rhales.rb
+- lib/rhales/adapters.rb
 - lib/rhales/adapters/base_auth.rb
 - lib/rhales/adapters/base_request.rb
 - lib/rhales/adapters/base_session.rb
 - lib/rhales/configuration.rb
-- lib/rhales/context.rb
-- lib/rhales/csp.rb
-- lib/rhales/earliest_injection_detector.rb
+- lib/rhales/core.rb
+- lib/rhales/core/context.rb
+- lib/rhales/core/rue_document.rb
+- lib/rhales/core/template_engine.rb
+- lib/rhales/core/view.rb
+- lib/rhales/core/view_composition.rb
 - lib/rhales/errors.rb
 - lib/rhales/errors/hydration_collision_error.rb
-- lib/rhales/hydration_data_aggregator.rb
-- lib/rhales/hydration_endpoint.rb
-- lib/rhales/hydration_injector.rb
-- lib/rhales/hydration_registry.rb
-- lib/rhales/hydrator.rb
-- lib/rhales/link_based_injection_detector.rb
-- lib/rhales/mount_point_detector.rb
-- lib/rhales/parsers/handlebars-grammar-review.txt
+- lib/rhales/hydration.rb
+- lib/rhales/hydration/earliest_injection_detector.rb
+- lib/rhales/hydration/hydration_data_aggregator.rb
+- lib/rhales/hydration/hydration_endpoint.rb
+- lib/rhales/hydration/hydration_injector.rb
+- lib/rhales/hydration/hydration_registry.rb
+- lib/rhales/hydration/hydrator.rb
+- lib/rhales/hydration/link_based_injection_detector.rb
+- lib/rhales/hydration/mount_point_detector.rb
+- lib/rhales/hydration/safe_injection_validator.rb
+- lib/rhales/integrations.rb
+- lib/rhales/integrations/refinements/require_refinements.rb
+- lib/rhales/integrations/tilt.rb
+- lib/rhales/middleware.rb
+- lib/rhales/middleware/json_responder.rb
+- lib/rhales/middleware/schema_validator.rb
+- lib/rhales/parsers.rb
 - lib/rhales/parsers/handlebars_parser.rb
 - lib/rhales/parsers/rue_format_parser.rb
-- lib/rhales/refinements/require_refinements.rb
-- lib/rhales/rue_document.rb
-- lib/rhales/safe_injection_validator.rb
-- lib/rhales/template_engine.rb
-- lib/rhales/tilt.rb
+- lib/rhales/security/csp.rb
+- lib/rhales/utils.rb
+- lib/rhales/utils/json_serializer.rb
+- lib/rhales/utils/logging_helpers.rb
+- lib/rhales/utils/schema_extractor.rb
+- lib/rhales/utils/schema_generator.rb
 - lib/rhales/version.rb
-- lib/rhales/view.rb
-- lib/rhales/view_composition.rb
+- lib/tasks/rhales_schema.rake
+- package.json
+- pnpm-lock.yaml
+- pnpm-workspace.yaml
+- proofs/error_handling.rb
+- proofs/expanded_object_inheritance.rb
+- proofs/partial_context_scoping_fix.rb
+- proofs/ui_context_partial_inheritance.rb
 - rhales.gemspec
+- schema_vs_data_comparison.md
+- test_direct_access.rb
 homepage: https://github.com/onetimesecret/rhales
 licenses:
 - MIT
@@ -71,14 +189,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.4.0
+      version: 3.3.4
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Rhales - Server-rendered components with client-side hydration (RSFCs)
 test_files: []

data/CLAUDE.locale.txt

@@ -1,7 +0,0 @@
-Our own private local claude notes. Not read by claude or checked in.
-
-https://claudelog.com/mechanics/plan-mode
-https://handlebars-lang.github.io/spec/#sec-handlebars-specification-statements
-https://github.com/jeremyevans/rodauth/tree/588b865cf70c7f327f0f24a4e277dfe787a6674f/doc
-https://docs.anthropic.com/en/docs/claude-code/hooks#subagentstop
-https://www.anthropic.com/engineering/claude-code-best-practices

data/lib/rhales/context.rb

@@ -1,239 +0,0 @@
-# lib/rhales/context.rb
-
-require_relative 'configuration'
-require_relative 'adapters/base_auth'
-require_relative 'adapters/base_session'
-require_relative 'adapters/base_request'
-require_relative 'csp'
-
-module Rhales
-    # RSFCContext provides a clean interface for RSFC templates to access
-    # server-side data. Follows the established pattern from InitScriptContext
-    # and EnvironmentContext for focused, single-responsibility context objects.
-    #
-    # The context provides two layers of data:
-    # 1. App: Framework-provided data (CSRF tokens, authentication, config)
-    # 2. Props: Application data passed to the view (user, content, features)
-    #
-    # App data is accessible as both direct variables and through the app.* namespace.
-    # Props take precedence over app data for variable resolution.
-    #
-    # One RSFCContext instance is created per page render and shared across
-    # the main template and all partials to maintain security boundaries.
-    class Context
-      attr_reader :req, :sess, :cust, :locale, :props, :config, :app_data
-
-      def initialize(req, sess = nil, cust = nil, locale_override = nil, props: {}, config: nil)
-        @req           = req
-        @sess          = sess || default_session
-        @cust          = cust || default_customer
-        @config        = config || Rhales.configuration
-        @locale        = locale_override || @config.default_locale
-
-        # Normalize props keys to strings for consistent access
-        @props = normalize_keys(props).freeze
-
-        # Build context layers (two-layer model: app + props)
-        @app_data = build_app_data.freeze
-
-        # Pre-compute all_data before freezing
-        # Props take precedence over app data, and add app namespace
-        @all_data = @app_data.merge(@props).merge({ 'app' => @app_data }).freeze
-
-        # Make context immutable after creation
-        freeze
-      end
-
-      # Get variable value with dot notation support (e.g., "user.id", "features.account_creation")
-      def get(variable_path)
-        path_parts    = variable_path.split('.')
-        current_value = all_data
-
-        path_parts.each do |part|
-          case current_value
-          when Hash
-            if current_value.key?(part)
-              current_value = current_value[part]
-            elsif current_value.key?(part.to_sym)
-              current_value = current_value[part.to_sym]
-            else
-              return nil
-            end
-          when Object
-            if current_value.respond_to?(part)
-              current_value = current_value.public_send(part)
-            elsif current_value.respond_to?("#{part}?")
-              current_value = current_value.public_send("#{part}?")
-            else
-              return nil
-            end
-          else
-            return nil
-          end
-
-          return nil if current_value.nil?
-        end
-
-        current_value
-      end
-
-      # Get all available data (runtime + business + computed)
-      attr_reader :all_data
-
-      # Check if variable exists
-      def variable?(variable_path)
-        !get(variable_path).nil?
-      end
-
-      # Get list of all available variable paths (for validation)
-      def available_variables
-        collect_variable_paths(all_data)
-      end
-
-      # Resolve variable (alias for get method for hydrator compatibility)
-      def resolve_variable(variable_path)
-        get(variable_path)
-      end
-
-    private
-
-      # Build consolidated app data (replaces runtime_data + computed_data)
-      def build_app_data
-        app = {}
-
-        # Request context (from current runtime_data)
-        if req && req.respond_to?(:env) && req.env
-          app['csrf_token'] = req.env.fetch(@config.csrf_token_name, nil)
-          app['nonce'] = get_or_generate_nonce
-          app['request_id'] = req.env.fetch('request_id', nil)
-          app['domain_strategy'] = req.env.fetch('domain_strategy', :default)
-          app['display_domain'] = req.env.fetch('display_domain', nil)
-        else
-          # Generate nonce even without request if CSP is enabled
-          app['nonce'] = get_or_generate_nonce
-        end
-
-        # Configuration (from both layers)
-        app['environment'] = @config.app_environment
-        app['api_base_url'] = @config.api_base_url
-        app['features'] = @config.features
-        app['development'] = @config.development?
-
-        # Authentication & UI (from current computed_data)
-        app['authenticated'] = authenticated?
-        app['theme_class'] = determine_theme_class
-
-        app
-      end
-
-      # Build API base URL from configuration (deprecated - moved to config)
-      def build_api_base_url
-        @config.api_base_url
-      end
-
-      # Determine theme class for CSS
-      def determine_theme_class
-        # Default theme logic - can be overridden by business data
-        if props['theme']
-          "theme-#{props['theme']}"
-        elsif cust && cust.respond_to?(:theme_preference)
-          "theme-#{cust.theme_preference}"
-        else
-          'theme-light'
-        end
-      end
-
-      # Check if user is authenticated
-      def authenticated?
-        sess && sess.authenticated? && cust && !cust.anonymous?
-      end
-
-      # Get default session instance
-      def default_session
-        Rhales::Adapters::AnonymousSession.new
-      end
-
-      # Get default customer instance
-      def default_customer
-        Rhales::Adapters::AnonymousAuth.new
-      end
-
-      # Normalize hash keys to strings recursively
-      def normalize_keys(data)
-        case data
-        when Hash
-          data.each_with_object({}) do |(key, value), result|
-            result[key.to_s] = normalize_keys(value)
-          end
-        when Array
-          data.map { |item| normalize_keys(item) }
-        else
-          data
-        end
-      end
-
-      # Recursively collect all variable paths from nested data
-      def collect_variable_paths(data, prefix = '')
-        paths = []
-
-        case data
-        when Hash
-          data.each do |key, value|
-            current_path = prefix.empty? ? key.to_s : "#{prefix}.#{key}"
-            paths << current_path
-
-            if value.is_a?(Hash) || value.is_a?(Object)
-              paths.concat(collect_variable_paths(value, current_path))
-            end
-          end
-        when Object
-          # For objects, collect method names that look like attributes
-          data.public_methods(false).each do |method|
-            method_name = method.to_s
-            next if method_name.end_with?('=') # Skip setters
-            next if method_name.start_with?('_') # Skip private-ish methods
-
-            current_path = prefix.empty? ? method_name : "#{prefix}.#{method_name}"
-            paths << current_path
-          end
-        end
-
-        paths
-      end
-
-      # Get or generate nonce for CSP
-      def get_or_generate_nonce
-        # Try to get existing nonce from request env
-        if req && req.respond_to?(:env) && req.env
-          existing_nonce = req.env.fetch(@config.nonce_header_name, nil)
-          return existing_nonce if existing_nonce
-        end
-
-        # Generate new nonce if auto_nonce is enabled or CSP is enabled
-        return CSP.generate_nonce if @config.auto_nonce || (@config.csp_enabled && csp_nonce_required?)
-
-        # Return nil if nonce is not needed
-        nil
-      end
-
-      # Check if CSP policy requires nonce
-      def csp_nonce_required?
-        return false unless @config.csp_enabled
-
-        csp = CSP.new(@config)
-        csp.nonce_required?
-      end
-
-      class << self
-        # Create context with business data for a specific view
-        def for_view(req, sess, cust, locale, config: nil, **props)
-          new(req, sess, cust, locale, props: props, config: config)
-        end
-
-        # Create minimal context for testing
-        def minimal(props: {}, config: nil)
-          new(nil, nil, nil, 'en', props: props, config: config)
-        end
-      end
-  end
-end

data/lib/rhales/hydration_data_aggregator.rb

@@ -1,221 +0,0 @@
-# lib/rhales/hydration_data_aggregator.rb
-
-require 'json'
-require_relative 'template_engine'
-require_relative 'errors'
-
-module Rhales
-  # HydrationDataAggregator traverses the ViewComposition and executes
-  # all <data> sections to produce a single, merged JSON structure.
-  #
-  # This class implements the server-side data aggregation phase of the
-  # two-pass rendering model, handling:
-  # - Traversal of the template dependency tree
-  # - Execution of <data> sections with full server context
-  # - Merge strategies (deep, shallow, strict)
-  # - Collision detection and error reporting
-  #
-  # The aggregator replaces the HydrationRegistry by performing all
-  # data merging in a single, coordinated pass.
-  class HydrationDataAggregator
-    class JSONSerializationError < StandardError; end
-
-    def initialize(context)
-      @context = context
-      @window_attributes = {}
-      @merged_data = {}
-    end
-
-    # Aggregate all hydration data from the view composition
-    def aggregate(composition)
-      composition.each_document_in_render_order do |template_name, parser|
-        process_template(template_name, parser)
-      end
-
-      @merged_data
-    end
-
-    private
-
-    def process_template(_template_name, parser)
-      data_content = parser.section('data')
-      return unless data_content
-
-      window_attr = parser.window_attribute || 'data'
-      merge_strategy = parser.merge_strategy
-
-      # Build template path for error reporting
-      template_path = build_template_path(parser)
-
-      # Process the data section first to check if it's empty
-      processed_data = process_data_section(data_content, parser)
-
-      # Check for collisions only if the data is not empty
-      if @window_attributes.key?(window_attr) && merge_strategy.nil? && !empty_data?(processed_data)
-        existing = @window_attributes[window_attr]
-        existing_data = @merged_data[window_attr]
-
-        # Only raise collision error if existing data is also not empty
-        unless empty_data?(existing_data)
-          raise ::Rhales::HydrationCollisionError.new(window_attr, existing[:path], template_path)
-        end
-      end
-
-      # Merge or set the data
-      @merged_data[window_attr] = if @merged_data.key?(window_attr)
-        merge_data(
-          @merged_data[window_attr],
-          processed_data,
-          merge_strategy || 'deep',
-          window_attr,
-          template_path,
-        )
-      else
-        processed_data
-                                  end
-
-      # Track the window attribute
-      @window_attributes[window_attr] = {
-        path: template_path,
-        merge_strategy: merge_strategy,
-      }
-    end
-
-    def process_data_section(data_content, parser)
-      # Create a JSON-aware context wrapper for data sections
-      json_context = JsonAwareContext.new(@context)
-
-      # Process template variables in the data section
-      processed_content = TemplateEngine.render(data_content, json_context)
-
-      # Parse as JSON
-      begin
-        JSON.parse(processed_content)
-      rescue JSON::ParserError => ex
-        template_path = build_template_path(parser)
-        raise JSONSerializationError,
-          "Invalid JSON in data section at #{template_path}: #{ex.message}\n" \
-          "Processed content: #{processed_content[0..200]}..."
-      end
-    end
-
-    def merge_data(target, source, strategy, window_attr, template_path)
-      case strategy
-      when 'deep'
-        deep_merge(target, source)
-      when 'shallow'
-        shallow_merge(target, source, window_attr, template_path)
-      when 'strict'
-        strict_merge(target, source, window_attr, template_path)
-      else
-        raise ArgumentError, "Unknown merge strategy: #{strategy}"
-      end
-    end
-
-    def deep_merge(target, source)
-      result = target.dup
-
-      source.each do |key, value|
-        result[key] = if result.key?(key) && result[key].is_a?(Hash) && value.is_a?(Hash)
-          deep_merge(result[key], value)
-        else
-          value
-                      end
-      end
-
-      result
-    end
-
-    def shallow_merge(target, source, window_attr, template_path)
-      result = target.dup
-
-      source.each do |key, value|
-        if result.key?(key)
-          raise ::Rhales::HydrationCollisionError.new(
-            "#{window_attr}.#{key}",
-            @window_attributes[window_attr][:path],
-            template_path,
-          )
-        end
-        result[key] = value
-      end
-
-      result
-    end
-
-    def strict_merge(target, source, window_attr, template_path)
-      # In strict mode, any collision is an error
-      target.each_key do |key|
-        next unless source.key?(key)
-
-        raise ::Rhales::HydrationCollisionError.new(
-          "#{window_attr}.#{key}",
-          @window_attributes[window_attr][:path],
-          template_path,
-        )
-      end
-
-      target.merge(source)
-    end
-
-    def build_template_path(parser)
-      data_node = parser.section_node('data')
-      line_number = data_node ? data_node.location.start_line : 1
-
-      if parser.file_path
-        "#{parser.file_path}:#{line_number}"
-      else
-        "<inline>:#{line_number}"
-      end
-    end
-
-    # Check if data is considered empty for collision detection
-    def empty_data?(data)
-      return true if data.nil?
-      return true if data == {}
-      return true if data == []
-      return true if data.respond_to?(:empty?) && data.empty?
-
-      false
-    end
-  end
-
-  # Context wrapper that automatically converts Ruby objects to JSON in data sections
-  class JsonAwareContext
-    def initialize(context)
-      @context = context
-    end
-
-    # Delegate all methods to the wrapped context
-    def method_missing(method, *, &)
-      @context.send(method, *, &)
-    end
-
-    def respond_to_missing?(method, include_private = false)
-      @context.respond_to?(method, include_private)
-    end
-
-    # Override get method to return JSON-serialized objects
-    def get(variable_path)
-      value = @context.get(variable_path)
-
-      # Convert Ruby objects to JSON for data sections
-      case value
-      when Hash, Array
-        begin
-          value.to_json
-        rescue JSON::GeneratorError, SystemStackError => ex
-          # Handle serialization errors (circular references, unsupported types, etc.)
-          raise JSONSerializationError,
-            "Failed to serialize Ruby object to JSON: #{ex.message}. " \
-            "Object type: #{value.class}, var path: #{variable_path}..."
-        end
-      else
-        value
-      end
-    end
-
-    # Alias for compatibility with template engine
-    alias resolve_variable get
-  end
-end