v2.0.0: Rails conventions refactor (#38)

* refactor: migrate dashboard rendering to ERB views (WIP)

Replaces 11 *Presenter classes with app/views/**.html.erb plus
app/helpers/solid_queue_monitor/* helpers. Serves CSS/JS via a new
AssetsController with content-hashed URLs, removing the need for
inline <style nonce>/<script nonce> blocks. Public API unchanged
(config block, mount, URLs, auth, CSP nonce support).

WIP: jobs#show specs failing with MissingExactTemplate despite the
template existing — diagnosis + Phase 6 cleanup + version bump still
pending in follow-up commits.

* chore: phase 6 cleanup + bump to 2.0.0

- Delete BasePresenter, StatsPresenter, HtmlGenerator, StylesheetGenerator
  (~2,750 LOC of legacy HTML-in-Ruby removed)
- Remove BaseController#render_page (replaced by Rails implicit rendering)
- Upgrade CSP spec with no-inline-style-block / no-inline-script-block assertions
- Bump VERSION to 2.0.0
- Add CHANGELOG entry for [2.0.0] - 2026-05-12
- Refine job_details + jobs helpers and 3 job partials

* fix: readable dark-theme colors for paused queue row

The .queue-paused row only set a light cream background (#fffbeb)
without an explicit text color, so the dark theme inherited the
near-white default text and rendered as nearly invisible. Adds a
dark-theme override with dark amber background + light amber text
(~11:1 contrast). Light theme unchanged.

* chore: gitignore Codex agent files

* docs: update CSP section in README for v2.0

Reflects v2.0 behavior: strict `script-src 'self'; style-src 'self'`
works out of the box now that CSS/JS are served as external assets.
Removes the v1.3.0 caveat about nonces being required for strict
policies, and adds an upgrade note for v1.x users.

* docs: bump Gemfile example to ~> 2.0 in README installation section

* test: add request specs for ready/in_progress/scheduled/recurring jobs

These four index-only controllers lacked dedicated request specs in v1.x.
The refactor inherited the gap. Each new spec covers: happy path, empty
state, key DOM elements, filter by class_name (and queue_name for
ready_jobs).

Brings spec total from 294 to 315 examples.

Author: vishaltps

.gitignore

@@ -20,3 +20,7 @@
 # Claude Code personal workflows (local only)
 .claude/
 CLAUDE.md
+
+# Codex personal workflows (local only)
+.agents/
+AGENTS.md

CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [2.0.0] - 2026-05-12
+
+### Changed
+
+- **Major architectural refactor**: the dashboard now renders via standard Rails ERB views, helpers, and partials instead of Ruby presenters emitting HTML strings. Configuration, mount point, URLs, HTTP Basic auth, and CSP nonce support are unchanged.
+- CSS and JavaScript are now served as external assets via a new `AssetsController` with content-hashed URLs and `Cache-Control: immutable`. No Sprockets or Propshaft dependency is required, so Rails API-only host applications keep working as in v1.x.
+- Dashboard pages now work under a strict `script-src 'self'; style-src 'self'` Content Security Policy without requiring host-app nonce configuration. Nonce-on-link-tag behavior is preserved for hosts running nonce-only CSPs.
+- Runtime configuration such as auto-refresh interval, auto-refresh enabled state, and theme preference is now passed via `<body data-*>` attributes instead of inline JavaScript interpolation.
+
+### Removed
+
+- `SolidQueueMonitor::HtmlGenerator`, `StylesheetGenerator`, `ChartPresenter`, `BasePresenter`, and all `*Presenter` classes. These were internal and not documented as public API. Users who reached into them via monkey patches will need to migrate to view/helper overrides.
+- `SolidQueueMonitor::BaseController#render_page` now that Rails implicit rendering handles all pages.
+- The brief inline `<script>` that prevented dark-mode first-paint flash has been removed in favor of zero inline scripts. Users with a dark system preference may see a short light flash on the first page load; subsequent loads use the cached localStorage value.
+
+### Migration
+
+For most users, `bundle update solid_queue_monitor` is sufficient. The dashboard looks and behaves identically. Configuration options, routes, authentication, and CSP nonce support are unchanged.
+
+If you customized the UI by monkey-patching a presenter, migrate that customization to view/helper overrides. Open an issue at https://github.com/vishaltps/solid_queue_monitor/issues if you need guidance.
+
 ## [1.3.0] - 2026-04-16
 
 ### Added

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    solid_queue_monitor (1.3.0)
+    solid_queue_monitor (2.0.0)
       rails (>= 7.0)
       solid_queue (>= 0.1.0)
 

README.md

@@ -72,7 +72,7 @@ A lightweight, zero-dependency web interface for monitoring Solid Queue backgrou
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'solid_queue_monitor', '~> 1.2'
+gem 'solid_queue_monitor', '~> 2.0'
 ```
 
 Then execute:
@@ -208,9 +208,23 @@ This makes it easy to find specific jobs when debugging issues in your applicati
 
 ## Content Security Policy
 
-Solid Queue Monitor is compatible with strict Content Security Policy as of v1.3.0.
+Solid Queue Monitor is fully CSP-compatible as of v2.0.0. The dashboard works out of the box under strict policies — no nonce configuration is required.
 
-If your application uses nonce-based CSP (the Rails default when `content_security_policy_nonce_generator` is set), Solid Queue Monitor will automatically stamp the per-request nonce onto every inline `<style>` and `<script>` tag it emits. Ensure your nonce directives include both `script-src` and `style-src`:
+### Strict CSP (v2.0.0+)
+
+As of v2.0 the dashboard's CSS and JavaScript are served as external, content-hashed assets (e.g. `/solid_queue/assets/application-a1b2c3d4.css`) with `Cache-Control: immutable`. The dashboard emits zero inline `<style>` or `<script>` blocks. A strict policy that only allows `'self'` for both directives is sufficient:
+
+```ruby
+# config/initializers/content_security_policy.rb
+Rails.application.config.content_security_policy do |policy|
+  policy.script_src :self
+  policy.style_src  :self
+end
+```
+
+### Nonce-based CSP
+
+Nonce-based CSP is also supported. When `content_security_policy_nonce_generator` is configured, Solid Queue Monitor stamps the per-request nonce onto the `<link rel="stylesheet">` and `<script src="...">` tags it emits — so policies that exclude `'self'` and only allow nonces still work:
 
 ```ruby
 # config/initializers/content_security_policy.rb
@@ -223,7 +237,9 @@ Rails.application.config.content_security_policy_nonce_generator = ->(req) { Sec
 Rails.application.config.content_security_policy_nonce_directives = %w[script-src style-src]
 ```
 
-No other configuration is required. If your application runs CSP without nonces (e.g., strict `script-src 'self'` only), the monitor UI will not function — asset-extraction support is tracked for a future release.
+### Upgrading from v1.x
+
+v1.x emitted inline `<style nonce>` and `<script nonce>` blocks, so a nonce generator was effectively required for strict policies. v2.0 removes all inline blocks. If you added a nonce generator only to make the monitor work, you can keep it (no harm) or remove it.
 
 ## Contributing