This guide provides a comprehensive overview of PivotPHP Core v1.1.3 architecture, highlighting the significant improvements made in this release following our ARCHITECTURAL_GUIDELINES principle of "Simplicidade sobre Otimização Prematura" (Simplicity over Premature Optimization).
PivotPHP Core follows a modular, event-driven architecture inspired by Express.js while maintaining strict PHP typing and PSR compliance.
┌─────────────────────────────────────────────────────────────┐
│ Application Layer │
├─────────────────────────────────────────────────────────────┤
│ Bootstrap │ Config │ Service Providers │ Event Dispatcher │
├─────────────────────────────────────────────────────────────┤
│ Middleware Pipeline │
├─────────────────────────────────────────────────────────────┤
│ Security │ Performance │ HTTP │ Core │
├─────────────────────────────────────────────────────────────┤
│ HTTP Layer │
├─────────────────────────────────────────────────────────────┤
│ Request │ Response │ PSR-7/15 │ Object Pools │
├─────────────────────────────────────────────────────────────┤
│ Routing System │
├─────────────────────────────────────────────────────────────┤
│ URL Router │ Route Cache │ Parameters │ Array Callables │
├─────────────────────────────────────────────────────────────┤
│ Core Components │
├─────────────────────────────────────────────────────────────┤
│ Container │ Events │ Cache │ Memory Manager │
└─────────────────────────────────────────────────────────────┘
Before v1.1.3 (Scattered):
src/Http/Psr15/Middleware/
├── CorsMiddleware.php
├── ErrorMiddleware.php
├── SecurityMiddleware.php
└── [Mixed responsibilities]
v1.1.3 (Organized by Responsibility):
src/Middleware/
├── Security/ # Security-focused middleware
│ ├── AuthMiddleware.php
│ ├── CsrfMiddleware.php
│ ├── SecurityHeadersMiddleware.php
│ └── XssMiddleware.php
├── Performance/ # Performance-focused middleware
│ ├── CacheMiddleware.php
│ └── RateLimitMiddleware.php
├── Http/ # HTTP protocol middleware
│ ├── CorsMiddleware.php
│ └── ErrorMiddleware.php
└── Core/ # Base middleware infrastructure
├── BaseMiddleware.php
└── MiddlewareInterface.php
Benefits:
- ✅ Clear separation of concerns
- ✅ Intuitive organization
- ✅ Easier maintenance
- ✅ 100% backward compatibility via automatic aliases
Following ARCHITECTURAL_GUIDELINES, we moved over-engineered features to experimental/:
Moved to experimental/:
JsonPrecompiler.php(660 lines) - Complex eval() usageRoutePrecompiler.php(779 lines) - Academic optimizationStaticRouteCodeGenerator.php(593 lines) - Premature optimization
Impact:
- ✅ 2,032 lines of complexity removed from core
- ✅ Zero security risks from eval() usage
- ✅ Maintained practical features (StaticFileManager, etc.)
- ✅ Preserved functionality for existing users
Before v1.1.3:
- Request pool reuse: 0%
- Response pool reuse: 0%
- Framework throughput: 20,400 ops/sec
v1.1.3 Improvements:
- Request pool reuse: 100% ✅
- Response pool reuse: 99.9% ✅
- Framework throughput: 44,092 ops/sec (+116%) ✅
┌─────────────────────────────────────────┐
│ DynamicPoolManager │
├─────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────────┐ │
│ │ Request │ │ Response │ │
│ │ Pool │ │ Pool │ │
│ │ 100% reuse │ │ 99.9% reuse │ │
│ └─────────────┘ └─────────────────┘ │
├─────────────────────────────────────────┤
│ Smart Pool Warming │
│ (Pre-allocation on startup) │
└─────────────────────────────────────────┘namespace PivotPHP\Core\Core;
class Application
{
// v1.1.3: Enhanced with array callable support
public function get(string $path, callable|array $handler): void
public function post(string $path, callable|array $handler): void
public function put(string $path, callable|array $handler): void
public function delete(string $path, callable|array $handler): void
}Key Features:
- ✅ Array callable support (PHP 8.4+ compatible)
- ✅ Service provider registration
- ✅ Event-driven lifecycle
- ✅ Middleware pipeline management
namespace PivotPHP\Core\Core;
class Container
{
// PSR-11 compliant container with lazy loading
public function get(string $id): mixed
public function has(string $id): bool
public function singleton(string $id, callable $factory): void
public function bind(string $id, callable $factory): void
}Features:
- ✅ PSR-11 compliance
- ✅ Lazy loading
- ✅ Circular dependency detection
- ✅ Singleton management
namespace PivotPHP\Core\Events;
class EventDispatcher
{
// PSR-14 compliant event dispatcher
public function dispatch(object $event): object
public function listen(string $event, callable $listener): void
}Events:
ApplicationStarted- Application initializationRequestReceived- Incoming requestResponseSent- Outgoing response- Custom events for extensions
// Traditional closure (still supported)
$app->get('/users', function($req, $res) {
return $res->json(['users' => []]);
});
// NEW: Array callable syntax
$app->get('/users', [UserController::class, 'index']);
$app->post('/users', [$controller, 'store']);
// With parameters
$app->get('/users/:id', [UserController::class, 'show']);Implementation:
namespace PivotPHP\Core\Routing;
class Router
{
// v1.1.3: callable|array union type for PHP 8.4+ compatibility
public function addRoute(string $method, string $path, callable|array $handler): void
{
// Validates callable or array format
if (is_array($handler) && !is_callable($handler)) {
throw new InvalidArgumentException('Invalid array callable format');
}
// Store route with proper handler validation
$this->routes[] = new Route($method, $path, $handler);
}
}┌─────────────────────────────────────┐
│ Route Cache │
├─────────────────────────────────────┤
│ ┌─────────────┐ ┌───────────────┐ │
│ │ Static │ │ Dynamic │ │
│ │ Routes │ │ Routes │ │
│ │ (O(1) lookup)│ │ (Regex cache) │ │
│ └─────────────┘ └───────────────┘ │
├─────────────────────────────────────┤
│ Parameter Extraction │
│ (Optimized for performance) │
└─────────────────────────────────────┘┌─────────────────────────────────────────┐
│ Input Layer │
├─────────────────────────────────────────┤
│ XSS Prevention │ Input Validation │
├─────────────────────────────────────────┤
│ Authentication │
├─────────────────────────────────────────┤
│ JWT │ API Keys │ Custom Auth Methods │
├─────────────────────────────────────────┤
│ Authorization │
├─────────────────────────────────────────┤
│ CSRF Protection │ Rate Limiting │
├─────────────────────────────────────────┤
│ Output Layer │
├─────────────────────────────────────────┤
│ Security Headers │ Content-Type │
└─────────────────────────────────────────┘use PivotPHP\Core\Middleware\Security\{
SecurityHeadersMiddleware,
XssMiddleware,
CsrfMiddleware,
AuthMiddleware
};
// Automatic security headers
$app->use(new SecurityHeadersMiddleware([
'X-Frame-Options' => 'DENY',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block',
'Strict-Transport-Security' => 'max-age=31536000'
]));
// XSS protection
$app->use(new XssMiddleware());
// CSRF protection
$app->use(new CsrfMiddleware());┌─────────────────────────────────────────┐
│ JSON Buffer Pool │
├─────────────────────────────────────────┤
│ ┌──────────┐ ┌──────────┐ ┌─────────┐ │
│ │ Small │ │ Medium │ │ Large │ │
│ │ (2KB) │ │ (8KB) │ │ (32KB) │ │
│ │ 161K/sec │ │ 17K/sec │ │ 1.7K/s │ │
│ └──────────┘ └──────────┘ └─────────┘ │
├─────────────────────────────────────────┤
│ Automatic Selection │
│ (Based on data size/complexity) │
└─────────────────────────────────────────┘Automatic Optimization:
- Smart detection: Arrays 10+ elements, objects 5+ properties
- Transparent fallback: Small data uses traditional
json_encode() - Zero configuration: Works out-of-the-box
namespace PivotPHP\Core\Memory;
class MemoryManager
{
// Intelligent memory pressure monitoring
public function getMemoryPressure(): float
public function optimizeMemoryUsage(): void
public function getMemoryStats(): array
}namespace PivotPHP\Core\Providers;
abstract class ServiceProvider
{
// Registration phase
abstract public function register(): void;
// Boot phase (after all providers registered)
public function boot(): void {}
}Example Extension:
class CustomServiceProvider extends ServiceProvider
{
public function register(): void
{
$this->container->singleton('custom.service', function() {
return new CustomService();
});
}
public function boot(): void
{
// Access other services after registration
$router = $this->container->get('router');
$router->addMiddleware(new CustomMiddleware());
}
}┌─────────────────────────────────────┐
│ PHPStan Level 9 │
├─────────────────────────────────────┤
│ ✅ 100% type coverage │
│ ✅ Zero mixed types │
│ ✅ Strict parameter validation │
│ ✅ Return type enforcement │
└─────────────────────────────────────┘
- 684+ tests with comprehensive assertions
- Core, Integration, Performance test suites
- Multi-PHP validation (8.1-8.4)
- Docker-based CI/CD testing
- Object pooling: 100% reuse rate
- Framework throughput: 44,092 ops/sec (+116%)
- Memory efficiency: Optimized garbage collection
- Multi-version compatibility: PHP 8.1-8.4
Features moved to experimental/ directory (not production-ready):
experimental/
├── Json/
│ └── JsonPrecompiler.php # Advanced JSON precompilation
├── Routing/
│ ├── RoutePrecompiler.php # Route code generation
│ └── StaticRouteCodeGenerator.php # Static route optimization
└── README.md # Usage warnings and alternativesWhy experimental?
- Complex implementations with diminishing returns
- Security risks (eval() usage)
- Violation of simplicity principles
- Academic interest rather than practical value
- WebSocket support (via ReactPHP extension)
- GraphQL integration
- Advanced caching layers
- Microservice orchestration
- Enhanced monitoring
- ✅ Simplicity over premature optimization
- ✅ Type safety over convenience
- ✅ Performance through optimization, not complexity
- ✅ Backward compatibility always
- ✅ Community-driven development
This architecture guide reflects PivotPHP Core v1.1.3's maturity as a production-ready microframework that balances high performance with architectural simplicity, following modern PHP best practices while maintaining the familiar Express.js development experience.