Native SOC 2, ISO 27001, NF525 & GDPR compliance built-in
# Install the CLI (once)# Create a new projectcd my-api
./forge serve
Alternative: without the installer
composer create-project fennectra/skeleton my-api
Module
Description
Router Attribute-based routing, groups, middleware pipeline, auto-generated OpenAPI 3.0 docs via Scalar
ORM Relations (belongsTo, hasMany, hasOne), eager loading, soft deletes, type casting, pagination
DI Container Constructor injection, singletons, autowiring, service resolution
Validator DTO validation via PHP 8 attributes: #[Required], #[Email], #[Min], #[Regex]...
CLI (Forge) 35+ commands organized by theme: scaffolding, database, server, compliance
Security & Authentication
Module
Command
Description
Auth & RBAC make:authFull auth module: users, roles, permissions, personal access tokens, JWT, registration, password reset
Organizations make:organizationMulti-org SaaS pattern: teams, invitations, member roles
JWT built-in
Access + refresh tokens, configurable TTL, revocation via DB
Encryption built-in
AES-256-GCM at rest for sensitive fields
Rate Limiting built-in
Redis or in-memory stores, per-route or global
Security Headers built-in
HSTS, CSP, X-Frame-Options, X-Content-Type-Options
Compliance (built-in, not a plugin)
Module
Command
Standard
Audit Trail make:auditSOC 2 — full action logging, retention policies, immutable records
Security Logging built-in
ISO 27001 — account lockout, password policies, security events
Fiscal Certification make:nf525NF525 — hash chain integrity, FEC export, period closings
Data Privacy make:rgpdGDPR — consent management, DPO dashboard, right to erasure
Module
Command
Description
Email Templates make:emailMultilingual templates in DB, SMTP sending, typed Mailable classes
Notifications built-in
Multi-channel: Email (SMTP), Slack, Database, Webhooks
Webhooks make:webhookOutbound webhooks with HMAC-SHA256 signatures, async delivery
SSE Broadcasting built-in
Server-Sent Events via Redis Pub/Sub
Module
Description
Multi-Database PostgreSQL, MySQL, SQLite — switch with DB_DRIVER
Multi-Tenant Database-per-tenant isolation, auto-resolved from domain or port
Queue & Jobs Async job processing with retry, failure handling, priority queues
Scheduler Cron-like task scheduling, K8s-safe with Redis distributed locks
Storage Multi-driver: Local filesystem, AWS S3, Google Cloud Storage
Cache Redis, file-based, tagged cache groups, route caching
FrankenPHP Worker Boot once, serve requests in ~1-2ms, memory-leak safe
Feature Flags Enable/disable features at runtime via Redis
Module
Description
Code Generation make:all generates full CRUD (Model + DTOs + Controller + Routes) in one command
Quality ./forge quality runs PHPStan level 5 + PHP-CS-Fixer + PHPUnit in one shot
Tinker ./forge tinker --sql="SELECT * FROM users" — instant SQL queries
Profiler Per-request profiling: SQL queries, timing, memory usage
OpenAPI + Scalar API documentation auto-generated from your DTOs and attributes
