Wiring is a PHP micro framework core with Interoperability (PSRs).
This package is compliant with PSR-1, PSR-3, PSR-4, PSR-6, PSR-7, PSR-11, PSR-12, PSR-14, PSR-15, PSR-17 and PSR-18.
- Via Composer
  composer require ar2labs/wiring
  or if you don't have a composer installation:
- Create a start project:
  composer create-project ar2labs/wiring-start
- Change to the directory created
  cd wiring-start/
- Create .env
  cp .env.example .env
- Start PHP Built-in web server:
  php maker serve
  or run with php:
  php -S 127.0.0.1:8000 -t public/
- Open your browser at:
  http://127.0.0.1:8000
This release supports the following PHP versions.
- PHP 8.5
PHP Extension Requirements:
- JSON
- Mbstring
Development and CI checks also use Composer, PHPUnit, PHPStan, PHP-CS-Fixer, DOM/XML extensions, and Xdebug for Clover coverage generation.
The project is expected to pass these release checks:
composer validate --strict
composer install
composer audit --locked --abandoned=fail
composer check-platform-reqs
vendor/bin/php-cs-fixer fix --config=php_cs.dist --dry-run --diff --no-interaction
vendor/bin/phpstan analyse --configuration phpstan.neon --no-progress --ansi
vendor/bin/phpunit --configuration phpunit.xml.dist --colors=always
vendor/bin/phpunit --configuration phpunit.xml.dist --coverage-clover build/logs/clover.xml --colors=always
Wiring is a micro-framework core. Authentication, authorization, CSRF token storage, session storage, database query execution, template escaping policy, and application-specific input validation are provided by consuming applications through interfaces and injected services.
Security-sensitive defaults in this package include relative-only controller redirects, XML request parsing with network access disabled, JavaScript-safe console helper encoding, generic production error messages, redaction of sensitive logger context values, CR/LF rejection before emitting headers, and cookies with HttpOnly plus SameSite=Lax by default. Cookie Secure is set automatically when PHP reports an HTTPS request; deployments behind reverse proxies should pass true explicitly or normalize HTTPS server parameters before setting cookies.
Residual deployment assumptions include HTTPS termination, HSTS policy, trusted reverse-proxy headers, cookie domain scope, production php.ini, secret management, template escaping in the configured renderer, prepared SQL statements in database implementations, CSRF enforcement in applications that process state-changing forms, and operational log retention/redaction controls.
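The reverse-proxy case for the cookie Secure flag, as an added example (plain PHP, not Wiring's own API or code): it derives HTTPS from X-Forwarded-Proto only when the direct peer is a trusted proxy, then builds setcookie() options with HttpOnly and SameSite=Lax. The function names, the proxy address and the sample requests are assumptions constructed for illustration, and a single proxy hop is assumed.

```php
<?php
declare(strict_types=1);

// Assumption: one TLS-terminating proxy at this address (documentation range).
const TRUSTED_PROXIES = ['192.0.2.10'];

/**
 * Decide whether the original client request used HTTPS.
 * X-Forwarded-Proto is honoured only when the direct peer is a trusted
 * proxy, because any client can send that header itself.
 */
function requestIsHttps(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    // Direct TLS connection to PHP: the SAPI sets HTTPS to a non-"off" value.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    // Plain HTTP from an unknown peer: ignore forwarded headers entirely.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }
    $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
    return $proto === 'https';
}

/** Build setcookie() options with HttpOnly, SameSite=Lax and a derived Secure flag. */
function sessionCookieOptions(array $server): array
{
    return [
        'expires'  => 0,          // session cookie
        'path'     => '/',
        'secure'   => requestIsHttps($server),
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

// Constructed request: TLS terminated at the trusted proxy, plain HTTP to PHP.
$behindProxy = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'];
// Constructed request: the same header sent by a peer that is not the proxy.
$untrusted = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'];

var_dump(sessionCookieOptions($behindProxy)['secure']);
var_dump(sessionCookieOptions($untrusted)['secure']);
```

In a web request the options array is passed as the third argument of PHP's `setcookie()`, for example `setcookie('sid', $value, sessionCookieOptions($_SERVER))`.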
Project documentation is available in docs/README.md.
- Getting Started
- Integration Guide
- Architecture
- API Reference
- PHP 8.5 Migration And Security Notes
- Security Policy
- Release Process
Code and documentation copyright (c) 2020, Code released under the BSD-3-Clause license.