v3.10.82

v3.10.82

ORM Parity

• find(filter) unified — All frameworks: Model.find({"name": "Alice"}) returns array. Model.find_by_id(1) returns single record.
• PHP static methods — User::find(), User::findById(), User::where(), User::create() now work as static calls. Instance calls still supported for backward compatibility.
• PHP global DB binding — ORM::setGlobalDb($db) / App::setDatabase($db) auto-binds to all models (like Python's orm_bind()).
• Node.js save() — Returns false on failure (was null), matching Python/PHP/Ruby.
• load() API — load() uses PK set on instance, load("id = ?", [1]) uses filter. Consistent across all four.

PHP Database

• Database implements DatabaseAdapter — One interface everywhere, no more union types.
• fetch() param order unified — ($sql, $params, $limit, $offset) across all adapters, matching Python.
• Migration CLI fixed — Correct DB type, startTransaction() method name.
• Response cookies emitted in both handle() and Server.php.
• Superglobals populated in built-in socket server.

Dev Admin

• Dynamic version label (fetches from backend).
• XSS hardening on chat/code blocks.
• Metrics drill-down fixed.

Tests

• Python: 2,179 passed, 0 failures
• PHP: 2,009 passed, 0 failures
• Node.js: 2,629 passed, 1 pre-existing
• WebSocket tests fixed for Python 3.14 on Windows

v3.10.76

v3.10.76

Fixes

• Middleware auth bypass — Write routes with custom middleware skip the built-in Bearer auth gate. Use @secured() / ->secure() / .secure to opt back in.
• Dev admin SPA — Dynamic version label, XSS hardening, code block escaping.
• Metrics drill-down — File detail endpoint works correctly on all server modes.

PHP-specific

• Built-in socket server — Now populates $_COOKIE, $_GET, $_POST, $_SERVER before dispatch. Cookie-based OAuth sessions work under tina4 serve.
• .htaccess — Removed forced HTTPS redirect (commented out, enable for production).
• nginx.conf.example — New file with complete PHP-FPM config, security rules, auth header passthrough.
• Version check — Fixed version_compare with mixed v-prefix Packagist versions.

Tests

• 10 new Python tests, 8 new PHP tests for middleware auth bypass.

v3.10.75

Fixes

• Middleware auth bypass — Write routes with custom middleware now skip the built-in Bearer auth gate. Fixes incompatibility with OAuth cookie-based sessions. Use @secured() to opt back in.
• Dev admin SPA — XSS hardening, dynamic version label (no longer hardcoded), code block escaping.
• Metrics drill-down — File detail endpoint now works on PHP built-in server (scan root resolved per-request).

Tests

• 10 new tests for middleware auth bypass (test_middleware_auth_bypass.py)

v3.10.74

v3.10.74 — Version parity release with test detection fix and Canvas metrics

v3.10.73

v3.10.73

• Fix test detection: search relative to scan root when scanning framework code
• Fix dependency arrows: improved import path matching across all languages
• Canvas 2D metrics: single-click drill-down with CC bar chart
• Node.js: handleDevAdminJs reads SPA bundle from file with multi-path fallback
• Updated SPA bundle across all frameworks

v3.10.71 — Dev Admin SPA + Canvas Metrics

v3.10.71 — Dev Admin SPA + Canvas Metrics + Rust Agent

Dev Admin SPA

• Unified 2,500-line TypeScript SPA replaces ~9,600 lines of duplicated inline HTML/CSS/JS
• /__dev now serves the SPA on all 4 frameworks
• 5-click unlock for Code With Me AI chat
• Close button to dismiss the dev admin panel

Metrics — Canvas 2D Rewrite

• Proper physics simulation: gravity, spring edges, soft repulsion, velocity damping
• Packed bubbles sized by LOC+complexity, colored by health (tests + deps + CC)
• D badge at top, T badge at bottom of each bubble
• Single-click drill-down with horizontal bar chart sorted by cyclomatic complexity
• +/−/Fit zoom buttons, right-click pan, drag bubbles
• Scans user code only — falls back to framework for demo

Code With Me (AI Chat)

• SSE streaming via Rust agent server
• 6 agents: supervisor, planner, coder, vision, image-gen, debug
• Supervisor asks questions before planning, never shows framework internals
• Interactive question inputs with Yes/No/Later/Skip buttons
• Checklist items with checkboxes and inline comments
• Plan approval: Approve & Execute, Keep for Later, Dismiss
• Settings: 3-column modal with Connect + model dropdown per provider
• Tina4 Cloud as default provider
• Background thinking loop with escalation tracking
• Chat persistence in .tina4/chat/
• Conversation history sent as context

Other

• SSE response.stream() shipped in v3.10.70
• Metrics scan fix: user code only, not framework internals
• tina4 ai fixed for tina4-js frontend projects

v3.10.70 — SSE/Streaming Support

v3.10.70 — SSE / Streaming Support

New Feature: response.stream()

Server-Sent Events (SSE) support across all 4 Tina4 frameworks. Pass a generator to response.stream() and the framework handles chunked transfer encoding, Content-Type: text/event-stream, Cache-Control: no-cache, Connection: keep-alive, and X-Accel-Buffering: no headers automatically.

Quick Example

@get("/events")
async def stream(request, response):
    async def generate():
        for i in range(10):
            yield f"data: message {i}\n\n"
            await asyncio.sleep(1)
    return response.stream(generate())

What's Included

• response.stream() method with async generator support
• Built-in ASGI server modified to flush chunks immediately (more_body flag)
• Custom content type support (NDJSON, etc.)
• SSE headers set automatically
• 13 new SSE tests
• Chapter 24: Server-Sent Events added to documentation
• Feature count: 55

Full Parity

All 4 frameworks (Python, PHP, Ruby, Node.js) ship with identical SSE support. 60 tests total across all frameworks.

v3.10.65

v3.10.65

New

• Metrics 3-stage test detection — filename, path, and content matching. Parent-named tests now detected (test_database covers database/sqlite).
• Metrics framework mode — when src/ is empty, scans the actual framework source with correct relative paths.
• tina4 console — interactive REPL across all 4 frameworks
• tina4 env — interactive environment configuration
• Brand — "TINA4 — The Intelligent Native Application 4ramework"
• Quick references — 36 sections, identical order across all 4 frameworks
• DotEnv API documented in quick references
• 37 chapters — 7 new (Events, Localization, Logging, API Client, WSDL/SOAP, DI Container, Service Runner)

Fixes

• Metrics relativePath uses scan root not cwd (framework mode)
• RouteGroup double prefix (Python)
• Port kill-and-take-over on startup
• Node.js bin wrapper + CLI workspace imports
• PHP DotEnv::loadEnv() in console
• Example files removed from Python framework repo

v3.10.60

v3.10.60

New

• tina4 console — interactive REPL with framework loaded (Python, PHP, Ruby, Node.js)
• tina4 env — interactive environment configuration
• Brand update — "TINA4 — The Intelligent Native Application 4ramework"
• Quick references — 36 sections per framework, all identical

Fixes

• RouteGroup double prefix bug (Python)
• Port kill-and-take-over on startup (all frameworks)
• Metrics test detection expanded
• Version read dynamically from package metadata

v3.10.59

v3.10.59

• Port kill-and-take-over — default port always kills existing process instead of auto-incrementing. Use --port for a different port.
• Node.js findAvailablePort — checks 0.0.0.0 not 127.0.0.1
• PHP @noauth docblock — annotations now affect dispatch, not just Swagger
• PHP dynamic version — reads from composer metadata at runtime
• PHP Packagist v2 API — version checker uses repo.packagist.org
• Python SyntaxError fix — global _database replaced with orm_bind()
• Test port +1000 — renamed AI Port → Test Port