tina4-python 0.2.200__tar.gz → 0.2.202__tar.gz

{tina4_python-0.2.200 → tina4_python-0.2.202}/PKG-INFO

@@ -1,15 +1,13 @@
 Metadata-Version: 2.4
 Name: tina4-python
-Version: 0.2.200
+Version: 0.2.202
 Summary: Tina4Python - This is not another framework for Python
 Author-email: Andre van Zuydam <andrevanzuydam@gmail.com>
 Requires-Python: <4.0,>=3.12
 Requires-Dist: asyncer>=0.0.8
 Requires-Dist: bcrypt<5.0.0,>=4.2.1
-Requires-Dist: cryptography<45.0.0,>=44.0.0
 Requires-Dist: hypercorn>=0.18.0
 Requires-Dist: jinja2<4.0.0,>=3.1.5
-Requires-Dist: jurigged>=0.6.0
 Requires-Dist: libsass<0.24.0,>=0.23.0
 Requires-Dist: litequeue<0.10,>=0.9
 Requires-Dist: pyjwt<3.0.0,>=2.10.1
@@ -17,6 +15,24 @@ Requires-Dist: python-dotenv<2.0.0,>=1.0.1
 Requires-Dist: requests>=2.32.5
 Requires-Dist: simple-websocket<2.0.0,>=1.1.0
 Requires-Dist: watchdog<7.0.0,>=6.0.0
+Provides-Extra: all-db
+Requires-Dist: firebird-driver>=1.10.0; extra == 'all-db'
+Requires-Dist: mysql-connector-python>=9.3.0; extra == 'all-db'
+Requires-Dist: psycopg2-binary>=2.9.10; extra == 'all-db'
+Requires-Dist: pymongo>=4.0.0; extra == 'all-db'
+Requires-Dist: pymssql>=2.3.0; extra == 'all-db'
+Provides-Extra: dev-reload
+Requires-Dist: jurigged>=0.6.0; extra == 'dev-reload'
+Provides-Extra: firebird
+Requires-Dist: firebird-driver>=1.10.0; extra == 'firebird'
+Provides-Extra: mongo
+Requires-Dist: pymongo>=4.0.0; extra == 'mongo'
+Provides-Extra: mssql
+Requires-Dist: pymssql>=2.3.0; extra == 'mssql'
+Provides-Extra: mysql
+Requires-Dist: mysql-connector-python>=9.3.0; extra == 'mysql'
+Provides-Extra: postgres
+Requires-Dist: psycopg2-binary>=2.9.10; extra == 'postgres'
 Description-Content-Type: text/markdown
 
 # Tina4 Python — This is not a framework
@@ -262,3 +278,13 @@ https://opensource.org/licenses/MIT
 ---
 
 **Tina4** — The framework that keeps out of the way of your coding.
+
+---
+
+## Our Sponsors
+
+**Sponsored with 🩵 by Code Infinity**
+
+[<img src="https://codeinfinity.co.za/wp-content/uploads/2025/09/c8e-logo-github.png" alt="Code Infinity" width="100">](https://codeinfinity.co.za/about-open-source-policy?utm_source=github&utm_medium=website&utm_campaign=opensource_campaign&utm_id=opensource)
+
+*Supporting open source communities <span style="color: #1DC7DE;">•</span> Innovate <span style="color: #1DC7DE;">•</span> Code <span style="color: #1DC7DE;">•</span> Empower*

{tina4_python-0.2.200 → tina4_python-0.2.202}/README.md

@@ -241,3 +241,13 @@ https://opensource.org/licenses/MIT
 ---
 
 **Tina4** — The framework that keeps out of the way of your coding.
+
+---
+
+## Our Sponsors
+
+**Sponsored with 🩵 by Code Infinity**
+
+[<img src="https://codeinfinity.co.za/wp-content/uploads/2025/09/c8e-logo-github.png" alt="Code Infinity" width="100">](https://codeinfinity.co.za/about-open-source-policy?utm_source=github&utm_medium=website&utm_campaign=opensource_campaign&utm_id=opensource)
+
+*Supporting open source communities <span style="color: #1DC7DE;">•</span> Innovate <span style="color: #1DC7DE;">•</span> Code <span style="color: #1DC7DE;">•</span> Empower*

{tina4_python-0.2.200 → tina4_python-0.2.202}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "tina4-python"
-version = "0.2.200"
+version = "0.2.202"
 description = "Tina4Python - This is not another framework for Python"
 authors = [
     {name = "Andre van Zuydam",email = "andrevanzuydam@gmail.com"}
@@ -11,8 +11,7 @@ dependencies = [
     "jinja2>=3.1.5,<4.0.0",
     "libsass (>=0.23.0,<0.24.0)",
     "python-dotenv (>=1.0.1,<2.0.0)",
-    "pyjwt (>=2.10.1,<3.0.0)",
-    "cryptography (>=44.0.0,<45.0.0)",
+    "pyjwt>=2.10.1,<3.0.0",
     "watchdog (>=6.0.0,<7.0.0)",
     "bcrypt (>=4.2.1,<5.0.0)",
     "litequeue (>=0.9,<0.10)",
@@ -20,11 +19,26 @@ dependencies = [
     "asyncer>=0.0.8",
     "hypercorn>=0.18.0",
     "requests>=2.32.5",
-    "jurigged>=0.6.0",
+]
+
+[project.optional-dependencies]
+dev-reload = ["jurigged>=0.6.0"]
+postgres  = ["psycopg2-binary>=2.9.10"]
+mysql     = ["mysql-connector-python>=9.3.0"]
+mssql     = ["pymssql>=2.3.0"]
+firebird  = ["firebird-driver>=1.10.0"]
+mongo     = ["pymongo>=4.0.0"]
+all-db    = [
+    "psycopg2-binary>=2.9.10",
+    "mysql-connector-python>=9.3.0",
+    "pymssql>=2.3.0",
+    "firebird-driver>=1.10.0",
+    "pymongo>=4.0.0",
 ]
 
 [dependency-groups]
 dev = [
+    "jurigged>=0.6.0",
     "flake8>=7.2.0",
     "mkdocs>=1.6.1",
     "mysql-connector-python>=9.3.0",

tina4_python-0.2.202/tina4_python/Auth.py

@@ -0,0 +1,236 @@
+#
+# Tina4 - This is not a 4ramework.
+# Copy-right 2007 - current Tina4
+# License: MIT https://opensource.org/licenses/MIT
+#
+# flake8: noqa: E501
+"""JWT authentication and password hashing for Tina4.
+
+Provides the ``Auth`` class which handles:
+    - HS256 JWT token creation and validation using the ``SECRET`` env var
+    - Configurable token expiry (default 2 minutes, override via
+      ``TINA4_TOKEN_LIMIT`` environment variable)
+    - Password hashing and verification using bcrypt
+    - Payload extraction from valid or expired tokens
+
+The framework creates a global ``tina4_python.tina4_auth`` instance at
+startup. Sessions, secured routes, and middleware all delegate to this
+instance for token operations.
+
+Example::
+
+    from tina4_python import tina4_auth
+
+    token = tina4_auth.get_token({"user_id": 42})
+    is_valid = tina4_auth.valid(token)
+    payload = tina4_auth.get_payload(token)
+    hashed = tina4_auth.get_password("secret")
+    ok = tina4_auth.check_password("secret", hashed)
+"""
+
+__all__ = ["Auth", "AuthJSONSerializer"]
+
+import datetime
+import os
+import jwt
+import bcrypt
+from json import JSONEncoder
+
+
+class AuthJSONSerializer(JSONEncoder):
+    """
+    Custom JSON encoder used by PyJWT when serializing payload objects.
+
+    Ensures that ``datetime.datetime`` instances are correctly converted to ISO-8601
+    strings so they can be embedded in JWT claims.
+    """
+
+    def default(self, o):
+        if isinstance(o, datetime.datetime):
+            return o.isoformat()
+        return super().default(o)
+
+
+class Auth:
+    """
+    Authentication & authorization helper for Tina4 projects.
+
+    Handles:
+      - Password hashing/verification (bcrypt)
+      - Signing JWT tokens with HS256 (SECRET env var)
+      - Verifying JWT tokens with HS256
+      - Simple API-KEY fallback validation
+
+    Environment variables used:
+        - ``SECRET``            → HMAC-SHA256 signing secret for JWT
+        - ``API_KEY``           → optional static API key (checked before JWT)
+        - ``TINA4_TOKEN_LIMIT`` → default token lifetime in minutes (default: 2)
+    """
+
+    secret: str | None = None
+    root_path: str = None
+
+    # ------------------------------------------------------------------
+    # Password handling (bcrypt)
+    # ------------------------------------------------------------------
+    def hash_password(self, text: str) -> str:
+        """
+        Generate a bcrypt hash for the given plain-text password.
+
+        Args:
+            text (str): Plain-text password.
+
+        Returns:
+            str: bcrypt hash (as UTF-8 string). Safe to store in a database.
+        """
+        password_bytes = text.encode("utf-8")
+        salt = bcrypt.gensalt()
+        return bcrypt.hashpw(password_bytes, salt).decode("utf-8")
+
+    def check_password(self, password_hash: str, text: str) -> bool:
+        """
+        Verify a plain-text password against a previously created bcrypt hash.
+
+        Args:
+            password_hash (str): Hash returned by :meth:`hash_password`.
+            text (str): Plain-text password to verify.
+
+        Returns:
+            bool: ``True`` if the password matches the hash.
+        """
+        password_bytes = text.encode("utf-8")
+        return bcrypt.checkpw(password_bytes, password_hash.encode("utf-8"))
+
+    # ------------------------------------------------------------------
+    # Constructor
+    # ------------------------------------------------------------------
+    def __init__(self, root_path: str):
+        """
+        Initialise the Auth helper.
+
+        Detects and removes legacy RS256 key files from older Tina4 installs,
+        printing a one-time migration notice when found.
+
+        Args:
+            root_path (str): Absolute path to the project root.
+        """
+        from tina4_python.Debug import Debug
+        from tina4_python import Messages
+
+        self.root_path = root_path
+        self.secret = os.environ.get("SECRET", "{self.secret}")
+        if self.secret == "{self.secret}":
+            Debug.warning(Messages.MSG_AUTH_NO_SECRET)
+
+        # ------------------------------------------------------------------
+        # One-time RS256 → HS256 migration: remove old key files if present
+        # ------------------------------------------------------------------
+        secrets_dir = os.path.join(root_path, "secrets")
+        legacy_files = [
+            os.path.join(secrets_dir, "private.key"),
+            os.path.join(secrets_dir, "public.key"),
+            os.path.join(secrets_dir, "domain.cert"),
+        ]
+        if any(os.path.isfile(f) for f in legacy_files):
+            for f in legacy_files:
+                if os.path.isfile(f):
+                    os.remove(f)
+            Debug.warning(Messages.MSG_AUTH_RS256_MIGRATION)
+
+    # ------------------------------------------------------------------
+    # JWT creation & verification (HS256)
+    # ------------------------------------------------------------------
+    def get_token(self, payload_data: dict, expiry_minutes: int = 0) -> str:
+        """
+        Create a signed JWT (HS256) containing the supplied payload.
+
+        If ``expires`` is not present in ``payload_data`` an expiration claim
+        will be added automatically using ``TINA4_TOKEN_LIMIT`` (default 2 minutes)
+        or the value supplied via ``expiry_minutes``.
+
+        Args:
+            payload_data (dict): Claims to embed in the token.
+            expiry_minutes (int): Override default token lifetime (0 = use env default).
+
+        Returns:
+            str: Signed JWT (compact serialization).
+        """
+        now = datetime.datetime.now(datetime.timezone.utc)
+
+        if "expires" not in payload_data:
+            token_limit_minutes = int(os.environ.get("TINA4_TOKEN_LIMIT", 2))
+            if expiry_minutes != 0:
+                token_limit_minutes = expiry_minutes
+            expiry_time = now + datetime.timedelta(minutes=token_limit_minutes)
+            payload_data["expires"] = expiry_time.isoformat()
+
+        token = jwt.encode(
+            payload=payload_data,
+            key=self.secret,
+            algorithm="HS256",
+            json_encoder=AuthJSONSerializer,
+        )
+        return token
+
+    def get_payload(self, token: str) -> dict | None:
+        """
+        Decode a JWT and return its payload (without verification of expiry).
+
+        Args:
+            token (str): JWT to decode.
+
+        Returns:
+            dict | None: Payload dictionary or ``None`` on invalid signature.
+        """
+        try:
+            payload = jwt.decode(
+                token,
+                key=self.secret,
+                algorithms=["HS256"],
+                options={"verify_exp": False},
+            )
+            return payload
+        except Exception:
+            return None
+
+    def validate(self, token: str) -> bool:
+        """
+        Full token validation.
+
+        Checks:
+          1. Optional static ``API_KEY`` environment variable (quick bypass)
+          2. HS256 signature using SECRET
+          3. Presence and validity of the ``expires`` claim
+
+        Args:
+            token (str): Bearer token.
+
+        Returns:
+            bool: ``True`` if the token is valid and not expired.
+        """
+        if os.environ.get("API_KEY") and token == os.environ.get("API_KEY"):
+            return True
+
+        try:
+            payload = jwt.decode(
+                token,
+                key=self.secret,
+                algorithms=["HS256"],
+                options={"verify_exp": False},
+            )
+
+            if "expires" not in payload:
+                return False
+
+            expiry_time = datetime.datetime.fromisoformat(payload["expires"])
+            if expiry_time.tzinfo is None:
+                expiry_time = expiry_time.replace(tzinfo=datetime.timezone.utc)
+
+            return datetime.datetime.now(datetime.timezone.utc) <= expiry_time
+
+        except Exception:  # noqa: BLE001
+            return False
+
+    def valid(self, token: str) -> bool:
+        """Alias of :meth:`validate`. Kept for backward compatibility."""
+        return self.validate(token)

{tina4_python-0.2.200 → tina4_python-0.2.202}/tina4_python/CLAUDE.md

@@ -116,7 +116,7 @@ Never use `style="..."` attributes in Twig templates. All styling must live in S
 ```
 
 Rules:
-- Use Bootstrap 5 utility classes (e.g. `mt-4`, `text-center`, `d-flex`) for spacing, alignment, and layout instead of inline styles
+- Use Tina4 CSS utility classes (e.g. `mt-4`, `text-center`, `d-flex`) for spacing, alignment, and layout instead of inline styles — Tina4 CSS ships built-in, no external CDN needed
 - Use SCSS variables for colours, spacing, and font sizes — never hardcode hex values in templates
 - One SCSS file per page or component (e.g. `dashboard.scss`, `user-card.scss`)
 - Prefer semantic class names (`.product-card`, `.nav-sidebar`) over generic ones (`.box`, `.wrapper`)
@@ -230,6 +230,7 @@ Tina4 provides a full toolkit. Before writing custom code, check if the framewor
 | Form token validation | `{{ form_token() }}` in templates + built-in middleware |
 | CRUD admin interfaces | `result.to_crud(request)` or `CRUD.to_crud()` |
 | Swagger/OpenAPI docs | `@description()`, `@tags()`, `@example()` decorators |
+| GraphQL API | `GraphQL` from `tina4_python.GraphQL` |
 | SOAP/WSDL services | `WSDL` class from `tina4_python.WSDL` |
 | Database migrations | `tina4 migrate:create` + `tina4 migrate` |
 | WebSockets | `Websocket` from `tina4_python.Websocket` |
@@ -467,7 +468,7 @@ Every project must have a `src/templates/base.twig`. All pages extend it.
     <meta charset="UTF-8">
     <title>{% block title %}{{ APP_NAME }}{% endblock %}</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css">
+    <link rel="stylesheet" href="/css/tina4.min.css">
     <link rel="stylesheet" href="/css/default.css">
     {% block stylesheets %}{% endblock %}
 </head>
@@ -475,7 +476,7 @@ Every project must have a `src/templates/base.twig`. All pages extend it.
 {% block nav %}{% include "partials/nav.twig" ignore missing %}{% endblock %}
 {% block content %}{% endblock %}
 {% block javascripts %}
-<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+<script src="/js/tina4.js"></script>
 <script src="/js/tina4helper.js"></script>
 {% endblock %}
 </body>
@@ -570,9 +571,9 @@ async def dashboard(request, response):
     return {"title": "Dashboard", "stats": get_stats()}
 ```
 
-## Frontend — Bootstrap + tina4helper.js
+## Frontend — Tina4 CSS + tina4helper.js
 
-The framework includes Bootstrap 5 by default and `tina4helper.js` for AJAX calls.
+The framework includes Tina4 CSS (~24KB, Bootstrap-compatible class names) and `tina4helper.js` for AJAX calls. No external CDN dependencies — everything ships built-in.
 
 ### tina4helper.js functions
 
@@ -598,7 +599,7 @@ getRoute("/api/partial", function(html) {
 // Post data to a URL, render response into element
 postUrl("/api/save", {name: "Alice"}, "resultDiv");
 
-// Show a Bootstrap alert
+// Show an alert message
 showMessage("Record saved successfully!");
 ```
 
@@ -815,6 +816,86 @@ uv run tina4 migrate:create "create products table"
 uv run tina4 migrate
 ```
 
+### How migrations work internally
+
+- SQL files live in `migrations/` folder, named `NNNNNN_description.sql` (6-digit sequence)
+- Files are executed **alphabetically** and split on the `;` delimiter
+- State is tracked in the `tina4_migration` table (auto-created per engine)
+- A migration only runs once — if `passed = 1` in the tracking table, it is skipped
+- Failed migrations (passed = 0) are deleted and retried on the next run
+- On **any** error, the migration rolls back and the process exits with `sys.exit(1)` — fix the error before re-running
+
+### Engine-specific DDL patterns
+
+Each database engine has different syntax for auto-increment primary keys, column types, and DDL features. **Always use the correct syntax for your target engine:**
+
+```sql
+-- SQLite
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name TEXT NOT NULL,
+    email TEXT,
+    age INTEGER,
+    active INTEGER DEFAULT 1
+);
+
+-- PostgreSQL
+CREATE TABLE IF NOT EXISTS users (
+    id SERIAL PRIMARY KEY,
+    name VARCHAR(200) NOT NULL,
+    email VARCHAR(200),
+    age INTEGER,
+    active INTEGER DEFAULT 1
+);
+
+-- MySQL / MariaDB
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER NOT NULL AUTO_INCREMENT,
+    name VARCHAR(200) NOT NULL,
+    email VARCHAR(200),
+    age INTEGER,
+    active INTEGER DEFAULT 1,
+    PRIMARY KEY(id)
+);
+
+-- MSSQL (no IF NOT EXISTS — use table_exists check or handle errors)
+CREATE TABLE users (
+    id INTEGER IDENTITY(1,1) NOT NULL,
+    name VARCHAR(200) NOT NULL,
+    email VARCHAR(200),
+    age INTEGER,
+    active INTEGER DEFAULT 1,
+    PRIMARY KEY(id)
+);
+
+-- Firebird (no IF NOT EXISTS, no AUTOINCREMENT — use generators/sequences for auto-IDs)
+CREATE TABLE users (
+    id INTEGER NOT NULL,
+    name VARCHAR(200) NOT NULL,
+    email VARCHAR(200),
+    age INTEGER,
+    active INTEGER DEFAULT 1,
+    PRIMARY KEY(id)
+);
+```
+
+### Firebird idempotency
+
+Firebird does **not** support `IF NOT EXISTS` for `ALTER TABLE ... ADD` statements. The framework handles this automatically — when running on Firebird, it checks `RDB$RELATION_FIELDS` before executing `ALTER TABLE ... ADD <column>` and skips if the column already exists. No special handling is needed in your migration SQL files.
+
+### Common migration mistakes to avoid
+
+1. **Don't use the wrong auto-increment syntax** — `AUTOINCREMENT` (SQLite), `SERIAL` (PostgreSQL), `AUTO_INCREMENT` (MySQL), `IDENTITY(1,1)` (MSSQL) are all different and not interchangeable
+2. **Don't put `BEGIN`/`COMMIT`/`ROLLBACK` in migration SQL** — the framework handles transactions automatically
+3. **Don't use `IF NOT EXISTS` on Firebird or MSSQL** — they don't support it (Firebird ALTER TABLE ADD is handled automatically; for CREATE TABLE, check `table_exists()` or handle the error)
+4. **Don't modify a migration file that has already run** — create a new migration instead
+5. **Don't mix unrelated schema changes** — one logical change per migration file
+6. **Don't use `TEXT` on Firebird** — use `VARCHAR(n)` or `BLOB SUB_TYPE TEXT` instead
+7. **Don't use `REAL`/`FLOAT` on Firebird** — use `DOUBLE PRECISION` instead
+8. **Don't forget to handle `DEFAULT` clause differences** — MSSQL puts `DEFAULT` after `NOT NULL`, Firebird puts it before
+9. **Don't create ORM models without a corresponding migration** — the schema must exist before the ORM can use it
+10. **Don't use database-specific functions** (e.g. `NOW()`, `GETDATE()`, `CURRENT_TIMESTAMP`) without checking engine compatibility
+
 ## Middleware
 
 Middleware methods are classified by name prefix:
@@ -1015,6 +1096,55 @@ class SecureService(WSDL):
         return result
 ```
 
+## GraphQL
+
+Tina4 includes a zero-dependency GraphQL engine with a recursive-descent parser, schema builder, query executor, and ORM auto-generation.
+
+```python
+from tina4_python.GraphQL import GraphQL
+
+# Auto-generate from ORM
+gql = GraphQL()
+gql.schema.from_orm(User)
+gql.schema.from_orm(Product)
+gql.register_route("/graphql")  # POST = queries, GET = GraphiQL IDE
+```
+
+`from_orm()` creates: type, single query (`user(id: ID)`), list query (`users(limit, offset)`), create/update/delete mutations.
+
+### Manual schema
+
+```python
+gql.schema.add_type("Widget", {"id": "ID", "name": "String", "price": "Float"})
+gql.schema.add_query("widget", {
+    "type": "Widget",
+    "args": {"id": "ID"},
+    "resolve": lambda root, args, ctx: {"id": args["id"], "name": "Cog", "price": 5.0},
+})
+gql.schema.add_mutation("deleteWidget", {
+    "type": "Boolean",
+    "args": {"id": "ID!"},
+    "resolve": lambda root, args, ctx: True,
+})
+```
+
+### Programmatic usage (no HTTP)
+
+```python
+result = gql.execute('{ users(limit: 3) { id name } }', variables={}, context={})
+# {"data": {"users": [...]}}
+```
+
+Supports: queries, mutations, variables, fragments, aliases, `@skip`/`@include` directives, nested selections, list types, inline fragments. Resolver exceptions are captured as GraphQL errors.
+
+| ORM Field | GraphQL Type |
+|-----------|-------------|
+| IntegerField | Int |
+| NumericField | Float |
+| StringField/TextField | String |
+| DateTimeField | String |
+| Primary key | ID |
+
 ## Localization (i18n)
 
 Tina4 supports translations via Python's `gettext` module. Translation files live in `tina4_python/translations/`.
@@ -1218,7 +1348,7 @@ async def admin_users(request, response):
 ```
 
 This auto-generates:
-- Searchable, paginated HTML table with Bootstrap 5
+- Searchable, paginated HTML table with Tina4 CSS
 - Create / Edit / Delete modals with form tokens
 - 4 RESTful API routes (GET list, POST create, POST update, DELETE)
 - Per-table Twig template in `src/templates/crud/` (customisable after generation)

{tina4_python-0.2.200 → tina4_python-0.2.202}/tina4_python/Database.py

@@ -99,7 +99,7 @@ class Database:
             elif params[0] == MONGODB:
                 install_message = f"Please install pymongo: {MONGODB_INSTALL}"
 
-            sys.exit(Messages.MSG_DB_DRIVER_NOT_FOUND.format(driver=params[0]) + "\n" + install_message + "\n" + str(e))
+            raise ImportError(Messages.MSG_DB_DRIVER_NOT_FOUND.format(driver=params[0]) + "\n" + install_message + "\n" + str(e))
 
 
         self.database_engine = params[0]

{tina4_python-0.2.200 → tina4_python-0.2.202}/tina4_python/DevReload.py

@@ -40,6 +40,10 @@ import time
 from watchdog.observers import Observer
 from watchdog.events import PatternMatchingEventHandler, FileSystemEvent
 
+import importlib
+import sys
+from pathlib import Path
+
 from tina4_python.Debug import Debug
 
 # Global set of asyncio.Queue objects — one per connected browser tab
@@ -112,6 +116,67 @@ def _debounced_notify(change_type: str, delay: float = 0.1):
         _debounce_timer.start()
 
 
+def _reload_python_module(file_path: str):
+    """Re-import a Python module when its source file changes.
+
+    For files inside ``src/routes/``, ``src/orm/``, or ``src/app/``,
+    this clears any routes previously registered by the module, then
+    reloads it so that decorators (``@get``, ``@post``, etc.) re-run
+    and re-register in ``tina4_routes``.
+
+    New route files are imported for the first time; deleted files have
+    their routes cleaned up.
+
+    Args:
+        file_path: Absolute path to the changed ``.py`` file.
+    """
+    import tina4_python
+
+    # Only reload files under src/ (routes, orm, app)
+    try:
+        rel = Path(file_path).relative_to(Path.cwd())
+    except ValueError:
+        return  # Outside project directory
+
+    parts = rel.parts
+    if len(parts) < 2 or parts[0] != "src":
+        return
+
+    # Skip __init__.py, __pycache__, private files
+    if any(p.startswith("_") for p in parts):
+        return
+
+    # Skip non-code directories (templates, scss, public)
+    if parts[1] in ("templates", "scss", "public"):
+        return
+
+    # Build dotted module name: src/routes/users.py → src.routes.users
+    module_name = ".".join(rel.with_suffix("").parts)
+
+    # Remove routes previously registered by callbacks defined in this module
+    old_module = sys.modules.get(module_name)
+    if old_module is not None:
+        callbacks_to_remove = []
+        for callback in list(tina4_python.tina4_routes.keys()):
+            cb_module = getattr(callback, "__module__", None)
+            if cb_module == module_name:
+                callbacks_to_remove.append(callback)
+        for cb in callbacks_to_remove:
+            del tina4_python.tina4_routes[cb]
+            Debug.debug(f"[DevReload] Removed route for {cb.__name__} from {module_name}")
+
+    # (Re-)import the module — decorators will re-register routes
+    try:
+        if module_name in sys.modules:
+            importlib.reload(sys.modules[module_name])
+            Debug.info(f"[DevReload] Reloaded module: {module_name}")
+        elif os.path.isfile(file_path):
+            importlib.import_module(module_name)
+            Debug.info(f"[DevReload] Loaded new module: {module_name}")
+    except Exception as e:
+        Debug.error(f"[DevReload] Failed to reload {module_name}: {e}")
+
+
 class DevFileWatcher(PatternMatchingEventHandler):
     """Watchdog handler that triggers live-reload on file changes.
 
@@ -152,6 +217,11 @@ class DevFileWatcher(PatternMatchingEventHandler):
                 except Exception as e:
                     Debug.error(f"[DevReload] SCSS compile error: {e}")
             _debounced_notify("css-reload")
+        elif ext == ".py":
+            # Hot-reload Python routes/orm/app modules so new or changed
+            # decorators (@get, @post, etc.) re-register in tina4_routes
+            _reload_python_module(path)
+            _debounced_notify("reload")
         else:
             _debounced_notify("reload")