core/php-framework
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
No description
50 commits 2 branches 0 tags 9.8 MiB
Find a file
Snider 1c5cbac9f7 feat: add security-checks.yaml spec for core php security command 
Defines 45+ security checks implementable in Go without PHP runtime:

**Check categories:**
- Environment (13): APP_DEBUG, APP_KEY, cookies, HTTPS, passwords
- Filesystem (6): .env exposure, permissions, sensitive files
- Config (4): CSRF, throttling, hashing, sessions
- Patterns (9): XSS, SQLi, command injection, hardcoded creds
- Tools (3): composer audit, npm audit, phpstan
- Headers (4): HSTS, CSP, X-Frame-Options (optional)

**Implementation approach:**
- Parse .env directly (no PHP needed)
- Regex patterns on PHP/Blade files
- Shell out to existing tools
- CWE references for each check

For `core php security` command in Go CLI.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 23:25:50 +00:00
.claude/skills feat: add initial framework files including API, console, and web routes; set up testing structure 2026-01-26 14:25:55 +00:00
.github feat(api): add API versioning support with middleware for version parsing and sunset headers 2026-01-26 16:59:47 +00:00
changelog/2026/jan docs: add changelog entries for Jan 2026 2026-01-27 16:27:42 +00:00
config feat(components): add new Blade components for Flux UI including icons, charts, and form elements 2026-01-26 21:21:53 +00:00
database/migrations fix: resolve CI test failures 2026-01-29 22:33:41 +00:00
docs docs(deploy): add PHP deployment guide 2026-01-29 22:27:50 +00:00
src fix: add return types to render() methods 2026-01-29 23:12:35 +00:00
stubs feat(components): add new Blade components for Flux UI including icons, charts, and form elements 2026-01-26 21:21:53 +00:00
tests fix: resolve all test failures 2026-01-29 22:42:19 +00:00
.gitignore feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
CLAUDE.md docs: add examples for Go, PHP, and VM commands 2026-01-29 21:33:10 +00:00
composer.json feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
CONTRIBUTING.md feat(workspace): implement workspace teams and permissions management with enhanced member model 2026-01-26 19:00:50 +00:00
infection.json5 feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
LICENSE Initial release: Core PHP modular monolith framework 2026-01-20 17:02:28 +00:00
package-lock.json feat(docs): restructure with PHP/Go framework sections 2026-01-29 10:47:50 +00:00
package.json feat(docs): restructure with PHP/Go framework sections 2026-01-29 10:47:50 +00:00
phpstan.neon fix: resolve static analysis issues and bump PHPStan to level 1 2026-01-29 23:09:27 +00:00
phpunit.xml feat(components): add new Blade components for Flux UI including icons, charts, and form elements 2026-01-26 21:21:53 +00:00
psalm.xml feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
qa.yaml feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
README.md feat(components): add new Blade components for Flux UI including icons, charts, and form elements 2026-01-26 21:21:53 +00:00
rector.php feat: add QA pipeline with security and mutation testing tools 2026-01-29 23:21:12 +00:00
ROADMAP.md feat(workspace): implement workspace teams and permissions management with enhanced member model 2026-01-26 19:00:50 +00:00
security-checks.yaml feat: add security-checks.yaml spec for core php security command 2026-01-29 23:25:50 +00:00
SECURITY.md feat(workspace): implement workspace teams and permissions management with enhanced member model 2026-01-26 19:00:50 +00:00
TODO.md feat(components): add new Blade components for Flux UI including icons, charts, and form elements 2026-01-26 21:21:53 +00:00

README.md

Core PHP Framework

Tests Code Coverage Latest Stable Version License PHP Version Laravel Version

A modular monolith framework for Laravel with event-driven architecture, lazy module loading, and built-in multi-tenancy.

Documentation

📚 Read the full documentation →

Features

  • Event-driven module system - Modules declare interest in lifecycle events and are only loaded when needed
  • Lazy loading - Web requests don't load admin modules, API requests don't load web modules
  • Multi-tenant isolation - Workspace-scoped data with automatic query filtering
  • Actions pattern - Single-purpose business logic classes with dependency injection
  • Activity logging - Built-in audit trails for model changes
  • Seeder auto-discovery - Automatic ordering via priority and dependency attributes
  • HLCRF Layout System - Hierarchical composable layouts (Header, Left, Content, Right, Footer)

Installation

composer require host-uk/core

The service provider will be auto-discovered.

Quick Start

Creating a Module

php artisan make:mod Commerce

This creates a module at app/Mod/Commerce/ with a Boot.php entry point:

<?php

namespace Mod\Commerce;

use Core\Events\WebRoutesRegistering;
use Core\Events\AdminPanelBooting;

class Boot
{
    public static array $listens = [
        WebRoutesRegistering::class => 'onWebRoutes',
        AdminPanelBooting::class => 'onAdmin',
    ];

    public function onWebRoutes(WebRoutesRegistering $event): void
    {
        $event->views('commerce', __DIR__.'/Views');
        $event->routes(fn () => require __DIR__.'/Routes/web.php');
    }

    public function onAdmin(AdminPanelBooting $event): void
    {
        $event->routes(fn () => require __DIR__.'/Routes/admin.php');
    }
}

Lifecycle Events

Event Purpose
WebRoutesRegistering Public-facing web routes
AdminPanelBooting Admin panel routes and navigation
ApiRoutesRegistering REST API endpoints
ClientRoutesRegistering Authenticated client routes
ConsoleBooting Artisan commands
McpToolsRegistering MCP tool handlers
FrameworkBooted Late-stage initialisation

Core Patterns

Actions

Extract business logic into testable, reusable classes:

use Core\Actions\Action;

class CreateOrder
{
    use Action;

    public function handle(User $user, array $data): Order
    {
        // Business logic here
        return Order::create($data);
    }
}

// Usage
$order = CreateOrder::run($user, $validated);

Multi-Tenant Isolation

Automatic workspace scoping for models:

use Core\Mod\Tenant\Concerns\BelongsToWorkspace;

class Product extends Model
{
    use BelongsToWorkspace;
}

// Queries are automatically scoped to the current workspace
$products = Product::all();

// workspace_id is auto-assigned on create
$product = Product::create(['name' => 'Widget']);

Activity Logging

Track model changes with minimal setup:

use Core\Activity\Concerns\LogsActivity;

class Order extends Model
{
    use LogsActivity;

    protected array $activityLogAttributes = ['status', 'total'];
}

HLCRF Layout System

Data-driven layouts with infinite nesting:

use Core\Front\Components\Layout;

$page = Layout::make('HCF')
    ->h('<nav>Navigation</nav>')
    ->c('<article>Main content</article>')
    ->f('<footer>Footer</footer>');

echo $page;

Variant strings define structure: HCF (Header-Content-Footer), HLCRF (all five regions), H[LC]CF (nested layouts).

See HLCRF.md for full documentation.

Configuration

Publish the config file:

php artisan vendor:publish --tag=core-config

Configure module paths in config/core.php:

return [
    'module_paths' => [
        app_path('Core'),
        app_path('Mod'),
    ],
];

Artisan Commands

php artisan make:mod Commerce      # Create a module
php artisan make:website Marketing # Create a website module
php artisan make:plug Stripe       # Create a plugin

Module Structure

app/Mod/Commerce/
├── Boot.php           # Module entry point
├── Actions/           # Business logic
├── Models/            # Eloquent models
├── Routes/
│   ├── web.php
│   ├── admin.php
│   └── api.php
├── Views/
├── Migrations/
└── config.php

Documentation

Testing

composer test

Requirements

  • PHP 8.2+
  • Laravel 11+

License

EUPL-1.2 - See LICENSE for details.