# Mizan Roadmap ## v1 — Django + React ### Done - **@client decorator** — `context=`, `affects=`, `auth=`, `websocket=` - **ReactContext class** — type-safe context/affects references with linting - **Named contexts** — functions sharing a context name are grouped into one provider and one fetch - **Context bundling endpoint** — `GET /api/mizan/ctx//` returns all functions in one response - **Server-driven invalidation** — mutation responses carry `invalidate` from `affects=` metadata - **Scoped invalidation** — runtime supports `invalidate: [{context: "user", params: {user_id: 5}}]` - **Param elevation** — shared params become required provider props, non-shared become optional - **Schema export** — `x-mizan-functions` + `x-mizan-contexts` for codegen - **Auth guards** — `auth=True`, `auth='staff'`, `auth='superuser'`, `auth=callable` - **JWT + session auth** — auto-detected, CSRF handled - **Shapes** — Pydantic + django-readers for typed query projections - **WebSocket channels** — real-time bidirectional communication - **Codegen** — generates typed React providers, hooks, mutations from schema ### Next: CDN-Ready Headers Context GETs must be cacheable by a CDN sitting in front of Django. - `Cache-Control` headers on `GET /api/mizan/ctx//` responses - `Vary` headers for auth-dependent responses - Deterministic JSON output (sorted keys) - Mutation POSTs must return `Cache-Control: no-store` - Context error responses must not be cached ### Next: Fold mizan-runtime into mizan-react The runtime (~150 lines: context registry, invalidation batcher, fetch primitives) merges into mizan-react. Framework-agnostic split is deferred until a second frontend adapter exists. ### Next: SSR Bridge Django renders React components server-side via a persistent Bun subprocess. - Bun worker: stdin/stdout JSON-RPC, `renderToString`, component registry - Django bridge: subprocess management, IPC, request synthesis - Template tag: `{% mizan_render "ProfilePage" user_profile=profile %}` - Hydration: `window.__MIZAN_SSR_DATA__` consumed by generated providers - Generated contexts check SSR data before first fetch ### Next: Codegen Rewrite Generated code uses the runtime directly (`mizanFetch`, `mizanCall`, `registerContext`) instead of the legacy `MizanProvider` pattern. Mutations have zero invalidation knowledge — the runtime reads the server response. --- ## Mizan Cloud (closed-source) ### Mizan Edge Cloudflare Workers for automatic edge caching. - Reads the Mizan schema to configure cache rules - Context GETs cached at the edge, keyed by context name + params - Mutation POSTs trigger cache purges from the `invalidate` response key - Zero configuration — the schema IS the cache policy ### Mizan Render SSR at the edge via Cloudflare Workers. - The Bun SSR bridge, running on Cloudflare instead of colocated with Django - Context data fetched from Django (or edge cache), rendered at the edge - HTML response streamed to the user from the nearest PoP ### Mizan Deploy One-command deployment for Django + React apps. - Container orchestration (AWS/Azure) - Edge + Render auto-configured - `mizan deploy` from the CLI - The Vercel experience for Django --- ## Protocol Spec The protocol is the product. Every endpoint is designed for a CDN. ### Context fetch ``` GET /api/mizan/ctx//?param=value 200 OK Cache-Control: public, max-age=60, stale-while-revalidate=300 Vary: Authorization, Cookie { "function_a": { ... }, "function_b": [ ... ] } ``` ### Mutation call ``` POST /api/mizan/call/ Cache-Control: no-store { "result": { ... }, "invalidate": ["context_name"] } ``` ### Scoped invalidation ``` { "result": { ... }, "invalidate": [ "notifications", { "context": "user", "params": { "user_id": 5 } } ] } ```