Introduction
XenoPHP is built on a specific philosophy: Simple on the surface, Robust at the core.
Why XenoPHP?
Modern web development often requires choosing between simplicity and power. XenoPHP eliminates that choice by providing a Hybrid Backend Framework.
We believe in "Standing on the shoulders of giants." XenoPHP isn't just another framework; it is a curated orchestration of the best PHP technologies available, designed specifically for backend dominance.
The Hybrid Advantage
XenoPHP mixes multiple framework concepts to create a superior developer experience:
- Laravel Foundation: Uses the industry-standard Eloquent ORM and Routing for reliability and ease of use.
- Symfony Stability: Incorporates robust Symfony components for low-level system management and HTTP handling.
- CakePHP & CodeIgniter Spirit: adopts the "Convention over Configuration" and "Performance First" philosophies to keep the framework agile and lightweight.
Note on "Public" Directory: Since XenoPHP is an API-first framework (MC Architecture), the
public/ directory contains strictly the server entry point (index.php). There are
no frontend assets to build or compile.
The result is a framework that feels Simple to code in, but is extremely Robust in production.
Source Code
You can view the source code or contribute directly on GitHub:
$ git clone https://github.com/Asadullah-nadeem/XenoPHP.git
Get Started
Ready to experience the power? Follow these steps to set up your environment.
Installation
# Install dependencies
$ composer install
$ npm install
# (Note: Do NOT run 'npm run build'. This is a backend-only framework)
# Setup environment
$ cp .env.example .env
$ php xeno key:generate
# Run migrations
$ php xeno migrate
# Start the server (Full Dev Suite)
$ php xeno serve
# Start the server (Internal Only - Fast)
$ php xeno serve --internal
INFO Server running on [http://127.0.0.1:8000].
Press Ctrl+C to stop the server
Once started, the server usually runs on http://127.0.0.1:8000.
Interactive Easy Mode (New)
Overwhelmed by commands? XenoPHP includes an interactive wrapper that categorizes and searches all available CLI tools for you.
$ php xeno xeno:easy
Welcome to XenoPHP Easy Mode! 🚀
Select a command category (or type to search):
[0] Global
[1] Make
[2] Database
...
This tool is perfect for discovering new features or running complex commands without memorizing flags.
Configuration
XenoPHP uses a Symfony-style YAML configuration system located at config/xeno.yaml for a cleaner
experience.
# config/xeno.yaml
app:
name: "XenoPHP Application"
power_mode: true
security:
honeypot:
enabled: true
field_name: "xeno_honey"
headers:
hsts: "max-age=31536000; includeSubDomains"
You can verify your configuration settings using the helper function xeno_config('key').
Security Features
XenoPHP comes with a built-in security suite called "Shield".
- Honeypot Protection: Automatically blocks spam bots using smart middleware.
- Configurable Security Headers: Manage HSTS, CSP, and X-Frame options directly via YAML.
To check your application's security posture, run:
$ php xeno shield:status
Scanning XenoPHP Security Shield...
+-------------------------+---------------+-----------------------------+
| Feature | Status | Configuration |
+-------------------------+---------------+-----------------------------+
| Honeypot | ACTIVE | Field: xeno_honey |
| Content Security Policy | ACTIVE | Configured in xeno.yaml |
| HSTS | ACTIVE | Force HTTPS |
| App Debug Mode | INSECURE (ON) | Should be OFF in production |
+-------------------------+---------------+-----------------------------+
Security optimizations recommended.
Optimization Tools
Ensure your application runs at maximum production speed with built-in optimization tools.
One-Command Optimize
Caches routes, config, and views instantly.
$ php xeno xeno:optimize
Server Health Check
Validate your server environment, PHP extensions, and settings.
$ php xeno server:check
Starting XenoPHP Server Robustness Check...
System Requirements
--------------------
✔ PHP Version >= 8.2
✘ Extension: intl
✔ Extension: mbstring
✔ Extension: openssl
✔ Extension: ctype
✔ Extension: xml
Security Checks
--------------------
âš Expose PHP (should be Off) (Recommended for Production)
âš Allow URL Fopen (should be Off) (Recommended for Production)
âš Display Errors (should be Off) (Recommended for Production)
Check Complete.
Power Logging: Critical system events are logged to storage/logs/power.log.
API & Architecture (MC)
XenoPHP adopts a streamlined MC (Model-Controller) architecture, intentionally removing the "View" layer.
By eliminating server-side HTML rendering, XenoPHP operates as a pure high-performance Backend API. Resources are strictly dedicated to:
- Models (M): Defining data structure and database interactions.
- Controllers (C): Handling logic and returning standardized JSON responses.
Standardized Responses
Using the ApiResponse trait, all endpoints return a consistent JSON structure:
{
"success": true,
"message": "Operation successful",
"data": { ... }
}
Built-in Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/status | Check API availability |
| GET | /api/health | View system health (Disk, Memory, DB) |
Supported Capabilities
XenoPHP is built to handle diverse API patterns from legacy enterprise to modern real-time systems.
| Protocol | Type | Use Case |
|---|---|---|
| RESTful | Resource-based | Standard Web Servers |
| GraphQL | Query Language | Reduced Network Load |
| gRPC | High Performance | Microservices |
| WebSocket | Bi-directional | Low-latency Data Exchange |
| Webhooks | Asynchronous | Event-driven Applications |
| SOAP | XML-based | Enterprise applications |
Global Helpers
Boost your productivity with these global helper functions.
| Helper | Description |
|---|---|
xeno_clean($data) |
Robust input sanitization for strings and arrays. |
xeno_config($key) |
Access YAML configurations easily (e.g., xeno_config('app.name')). |