Development Roadmap
Track the journey from v1.9.6 to v2.0.0 — the complete production-grade fullstack Python framework.
This document outlines the development roadmap for Dars Framework. The goal is to guide the framework's growth towards a robust and viable alternative for Python-based user interface development.
All of the following have been implemented and shipped:
Component
class,
App
class, Virtual DOM, reactive rendering.
Text
,
Button
,
Input
,
Container
,
Page
,
Checkbox
,
RadioButton
,
Select
,
Slider
,
DatePicker
,
Image
,
Link
,
Textarea
,
ProgressBar
,
Tooltip
,
Spinner
,
Markdown
,
Section
,
Video
,
Audio
,
Card
,
Modal
,
Navbar
,
Table
,
Tabs
,
Accordion
,
FileUpload
,
Head
,
Outlet
,
Chart
,
DataTable
.
Flex
,
Grid
,
Anchor
.
FunctionComponent
,
Props
, extensible
Component
base.
dScript
, DAP (Dars Action Protocol),
RawJS
, zero-eval runtime, secure script injection.
State
V2 (reactive properties, increment/decrement, auto loops, transitions), legacy
dState
/
Mod
backward compat.
useDynamic
,
useValue
,
useWatch
,
setVRef
,
updateVRef
,
V()
,
url()
,
transform()
.
public
,
private
,
protected
,
SSR
), route obfuscation.
dars init
,
dars dev
,
dars build
,
dars export
,
dars preview
,
dars doctor
,
dars test
, hot reload.
fadeIn
,
fadeOut
,
slideIn
,
slideOut
,
scaleIn
,
scaleOut
,
shake
,
bounce
,
pulse
,
rotate
,
flip
,
popIn
,
popOut
,
sequence
.
apiConfig.py
, dev server orchestration.
fetch
,
get
,
post
,
put
,
delete
,
patch
,
useData
,
DataAccessor
.
FormData
,
collect_form
.
dars-ready
visibility mechanism with safety fallbacks to prevent FOUC and blank screens during hydration.
dars preview
with automatic configuration detection, optional paths, and customizable ports. Standardized
dars dev
port propagation.
app.js
strategy.
minify
config key
: Replaced
viteMinify
+
defaultMinify
with a single
minify: true/false
key in
dars.config.json
. Backward-compatible with old keys.
router.js
+ patches
dars.min.js
to remove dead router imports at build time.
DarsModel
declarative ORM with
TextField
,
IntegerField
,
FloatField
,
BooleanField
,
DateTimeField
,
JSONField
,
ForeignKey
.
Database
thread-safe connection manager with WAL mode, migration tracking. Auto-generated CRUD API via
register_model_api()
.
@server_action
decorator for registering Python functions as API endpoints.
call_server()
for calling them from client-side events. Type validation via Pydantic, sync/async support, auth-protected actions, auto-discovery.
RouteType
enum (
PUBLIC
,
SSR
,
PRIVATE
,
PROTECTED
).
RouteGuard
with
requires_auth
,
roles
,
custom_check
.
RouteMetadata
for per-route security configuration.
@guard
decorator for fine-grained access control.
@requires_auth
FastAPI route decorator with auto
request.state.user
injection.
@requires_role("admin")
RBAC decorator. Auto-registration of auth configs with predictable
auth_id
. Scoped endpoints
/_dars/auth/{auth_id}/login
,
/me
,
/logout
,
/refresh
. Session management with
SessionManager
+
InMemorySessionStore
.
SessionStore
protocol for custom backends.
DarsMiddleware
abstract base with lifecycle hooks.
AuthMiddleware
(JWT + CSRF + multi-auth).
SecurityHeadersMiddleware
(CSP, HSTS, X-Frame-Options, etc.).
CORSMiddleware
(configurable origins, credentials, preflight).
RateLimitMiddleware
(sliding-window, burst, per-IP/user).
LoggingMiddleware
(structured request/response logging).
CompressionMiddleware
(gzip).
MiddlewareChain
(compose middlewares).
register_default_middlewares()
(one-call setup).
DAPOp
constants for all supported operations in
actionProtocol.py
.
ActionBuilder
helpers for secure client-side action generation.
Everything below is what's needed to make Dars a real, production-usable fullstack framework.
DarsAuth
class with JWT generation (
jwt.encode
) and verification
HS256
/
RS256
), and token expiration
key
isAuthenticated()
check for conditional UI rendering (via
useFetch
to
/me
)
auth.login()
/
auth.logout()
handled via native endpoints and form submits
/_dars/auth/login
,
/logout
,
/refresh
,
/me
with Multi-Auth support
@requires_auth
decorator for SSR/API routes (v1.9.16 — simplified, auto
request.state.user
injection)
@requires_role("admin")
RBAC decorator (v1.9.16)
setup_auth()
)
SessionManager
,
InMemorySessionStore
,
SessionStore
protocol (v1.9.16)
dars_access_token_{auth_id}
) and dynamic endpoints (v1.9.16)
DarsMiddleware
base class with
before_request()
/
after_response()
hooks (v1.9.16)
app.add_middleware()
(v1.9.16)
@middleware(AuthMiddleware)
MiddlewareChain
composition (v1.9.16)
AuthMiddleware
— verify JWT on protected routes with CSRF + multi-auth (v1.9.16)
CORSMiddleware
— configurable cross-origin resource sharing (v1.9.16)
RateLimitMiddleware
— per-IP / per-user rate limiting with burst support (v1.9.16)
LoggingMiddleware
— structured request/response logging (v1.9.16)
SecurityHeadersMiddleware
— CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy (v1.9.16)
CompressionMiddleware
— gzip response compression (v1.9.16)
register_default_middlewares()
— one-call setup (v1.9.16)
JsonStore
— JSON file-based key-value store for prototyping
Database
connection manager (v1.9.16)
store.get()
,
store.set()
,
store.delete()
,
store.list()
DarsModel
declarative model base (v1.9.16)
DarsModel
base class with CRUD operations:
.save()
,
.delete()
,
.to_dict()
(v1.9.16)
register_model_api()
(v1.9.16)
_dars_schema_version
table (v1.9.16)
TextField
,
IntegerField
,
FloatField
,
BooleanField
,
DateTimeField
,
JSONField
,
ForeignKey
(v1.9.16)
ModelManager
query API:
all()
,
get()
,
filter()
,
count()
,
create()
,
delete()
(v1.9.16)
dars db migrate
/
dars db upgrade
CLI commands
useFetch()
hook — declarative data fetching bound to State
isLoading
/
error
/
data
state management
fetch()
)
fetch()
with
FormData
support
form_helpers.py
network_request
DAP operation for
FormData.submit()
required
,
email
,
minLength
,
maxLength
,
pattern
,
custom
Form
wrapper component with built-in validation
Field
component for labeled inputs with error display
on_file_selected
callback with file metadata (name, size, type, preview URL)
uploadTo(url)
helper that sends files via
FormData
sessionStorage
helpers (get/set/remove/clear)
notify()
— Web Notifications API wrapper
navigator.onLine
)
IntersectionObserver
for lazy loading / scroll triggers
matchMedia
for responsive breakpoint detection
IndexedDB
wrapper for large client-side datasets
navigator.share()
)
ResizeObserver
for responsive components
window.print()
helper
useComputed()
/
useMemo()
— derived reactive values with dependency tracking
Show(condition, component)
— toggle visibility
Each(items, template_fn)
/
For
— list rendering with keys
@server_action
+
call_server()
(v1.9.16)
debounce(ms, action)
— debounce event handlers
throttle(ms, action)
— throttle event handlers
Toast
— notification toasts with auto-dismiss and stacking
Drawer
— slide-in side panel (left/right/top/bottom)
Breadcrumb
— navigation breadcrumbs
Pagination
— standalone pagination component
Badge
— status badges / chips
Avatar
— user avatar with fallback initials
Skeleton
— loading skeleton placeholders
Switch
/
Toggle
— boolean toggle switch
ColorPicker
— color selection input
RichTextEditor
— WYSIWYG text editing integration
Table
— client-side pagination, sorting, filtering, row selection, column resize
Select
— search/filter, multi-select, async options loading
Input
— input masks, debounced
on_change
, inline validation display
Modal
— transition animations, backdrop click to close, nested modals
Navbar
— mobile responsive hamburger menu, dropdown submenus
Tabs
— lazy-load tab content, URL synchronization
Accordion
— multi-open mode, collapse/expand animations
.env
file support for secrets and environment variables
dars.config.json
awareness in CLI (preview/dev ports and paths)
dars generate
— scaffold new pages
dars generate component <name>
— scaffold new components
dars generate page <name>
— scaffold new pages
dars generate model <name>
— scaffold data models
Dockerfile
template
| # | Area | Why First |
|---|---|---|
| 1 | Authentication | Nothing works without user identity |
| 2 | Middleware | Auth depends on middleware pipeline |
| 3 | Data Persistence | Apps need to store data |
| 4 | Form Validation | Every app has forms |
| 5 | HTTP Client | Frontend needs to talk to backend reliably |
| 6 | FileUpload Pipeline | Current component is non-functional |
| 7 | Security Hardening | Required for production |
| 8 | Business Logic | Conditional rendering, computed state |
| 9 | Browser APIs | Quality of life |
| 10 | Components | New + upgraded components |
| 11 | DX & Testing | Developer happiness |