This document outlines the vision, adoption strategy, and planned features for the Anonymize Bundle. The goal is to make it the default Symfony solution for database anonymization and GDPR-friendly dev/test data.
- Vision and why this bundle will be widely used
- Adoption roadmap (next 12–24 months)
- Current Status (1.0.12 - Released)
- Phase 1: Enhanced Fakers (v0.1.0)
- Phase 2: Advanced Anonymization Features (v0.2.0)
- Phase 3: Database and Platform Support (v0.3.0)
- Phase 4: Developer Experience (v0.4.0)
- Phase 5: Enterprise Features (v0.5.0)
- Phase 6: Performance and Scalability (v0.6.0)
- Phase 7: Security and Compliance (v0.7.0)
- Phase 8: Advanced Features (v0.8.0)
- Implementation Priority
- Community and contributions
- Version Timeline
- Notes
"Anonymize Bundle: the standard way to anonymize database data in Symfony apps—in under a minute, with zero risk in production."
Bundles that become community standards (DoctrineBundle, MakerBundle, SecurityBundle, API Platform) share a few traits: they solve a clear, recurring pain; they have a fast time-to-value; they are safe by default; and they fit the Symfony ecosystem (attributes, DI, events). This roadmap doubles down on those traits without losing focus on the core job: anonymize sensitive data in dev/test and support GDPR workflows.
- Development and test only: Anonymize production-like copies so teams can work without real PII. Production execution remains blocked by design.
- Attribute-first, optional config: One entity, a few attributes, one command. No required YAML for the happy path.
- Doctrine ORM first: MySQL, PostgreSQL, SQLite today; MongoDB and others as first-class when demand and maintainability allow.
- GDPR-aware: Right to erasure, data portability, and “anonymous dev data” are use cases we support via patterns, traits, and docs—not by running in production.
| Pillar | What we do | Why it drives adoption |
|---|---|---|
| Developer experience | Quick start in <1 min, sensible defaults, --dry-run and pre-flight checks, progress and stats |
Low friction → more teams try it; fewer “it broke my DB” stories → trust. |
| Ecosystem fit | Symfony Flex recipe, compatibility with 6.1/7/8, events and services for extensibility | Standard install path; works in real Symfony projects and CI. |
| Trust | Dev/test only, no prod, clear docs, semver, upgrade guide | Security and compliance teams accept it; maintainers can recommend it. |
| Reach | Docs, “Anonymize in 60 seconds”, Symfony blog/community, optional integrations (Messenger, Lock, Fixtures) | Visibility and “it works with my stack” → word of mouth and stars. |
This roadmap prioritizes work that strengthens these four pillars while keeping the core use case central.
Concrete milestones to increase usage and community. Order is intentional: visibility and DX first, then integrations, then scale and optional enterprise.
-
Symfony Flex recipe (recipes-contrib)
- Publish recipe so
composer require nowo-tech/anonymize-bundle --devcreates config and registers the bundle in the right envs. - Impact: Same “one command and go” experience as other popular bundles.
- Publish recipe so
-
“Anonymize in 60 seconds” guide
- Single doc or README section: copy one entity snippet, run one command, see anonymized data. No optional features.
- Impact: Conference/demo slide and first-run success.
-
Symfony blog / community spotlight
- One post or spotlight (Symfony blog, newsletter, or community site) explaining the problem and the bundle.
- Impact: Credibility and discoverability.
-
CI / pipeline documentation
- Document (or small example) for “run anonymization in CI” (e.g. after fixtures or before E2E). Optional GitHub Action or Make target.
- Impact: Fits modern dev workflows and increases retention.
-
Symfony Messenger integration
- Optional: dispatch anonymization per entity or per connection to Messenger (async).
- Impact: Large DBs and teams that already use Messenger get a natural fit.
-
Symfony Lock integration
- Use Lock component to prevent concurrent anonymization runs (e.g. same connection).
- Impact: Safety in shared dev/staging and scripts.
-
MongoDB ODM support
- First-class support for Doctrine MongoDB ODM (demos already have infrastructure).
- Impact: Full-stack and API teams often have both SQL and MongoDB.
-
Doctrine Data Fixtures / Foundry
- Document “load fixtures then anonymize” or optional hook/recipe step. No required coupling.
- Impact: Fits “realistic test data” workflows without changing fixture semantics.
-
Resume / checkpoint
- Optional checkpoint and resume for long-running runs.
- Impact: Very large DBs and staging environments.
-
Config-file alternative
- Optional YAML/JSON config for entity-level rules (in addition to attributes) for teams that prefer config.
- Impact: Enterprise and “config-driven” teams without breaking attribute-first.
-
Plugin / community fakers
- Simple registry or tag for third-party fakers (e.g. domain-specific: healthcare, finance).
- Impact: Community can extend without forking; niche use cases get supported.
-
Compliance and audit
- Optional audit log of “what was anonymized when” (e.g. for compliance reports). Stays dev/test oriented.
- Impact: Trust from security and compliance when recommending the bundle.
Nothing in Phases A–C changes the rule: dev/test only, production execution blocked, attribute-first by default.
- Fakers: email, name, surname, age, phone, IBAN, credit_card, service, address, date, username, url, company, masking, password, ip_address, mac_address, uuid, hash, coordinate, color, boolean, numeric, file, json, text, enum, country, language, hash_preserve, shuffle, constant, dni_cif, name_fallback, html, pattern_based, copy, null, utm, map (40 total)
- Core Features: Attribute-based configuration, multiple connections, batch processing, dry-run mode, pre-flight checks, progress bars, enhanced environment protection, debug/verbose modes
- Tracking: AnonymizableTrait with
anonymizedcolumn - Patterns: Inclusion/exclusion pattern matching with
|(OR) operator support and relationship patterns (e.g.,'type.name' => '%HR') - Databases: MySQL, PostgreSQL, SQLite support
- MongoDB Tools: Command to generate scripts for adding
anonymizedfield to MongoDB documents - Services: SchemaService for column detection
- Demos: 9 entities (User, Customer, Product, Order, Invoice, Employee, SystemLog, EmailSubscription, Type) with comprehensive fixtures and complete CRUD interfaces
- Demos Coverage: 100% faker coverage (all 40 fakers demonstrated)
- Demos Databases: MySQL, PostgreSQL, SQLite, MongoDB (infrastructure ready)
-
✅ AddressFaker - IMPLEMENTED
- Generate street addresses
- Options:
country,include_postal_code,format(full/short) - Use cases: User addresses, company locations
- Status: Available in v0.0.11
-
✅ DateFaker - IMPLEMENTED
- Generate dates (birth dates, registration dates, etc.)
- Options:
min_date,max_date,format,type(past/future/between) - Use cases: Birth dates, registration dates, last login dates
- Status: Available in v0.0.11
-
✅ CompanyFaker - IMPLEMENTED
- Generate company names
- Options:
type(corporation/llc/inc),suffix(Inc./Ltd./GmbH) - Use cases: Company entities, business names
- Status: Available in v0.0.11
-
✅ UrlFaker - IMPLEMENTED
- Generate URLs and domains
- Options:
scheme(http/https),domain,path - Use cases: Website URLs, API endpoints, profile URLs
- Status: Available in v0.0.11
-
✅ UsernameFaker - IMPLEMENTED
- Generate usernames
- Options:
min_length,max_length,prefix,suffix,include_numbers - Use cases: User accounts, social media handles
- Status: Available in v0.0.11
-
✅ MaskingFaker - IMPLEMENTED (Phase 2 feature, early implementation)
- Partial masking of sensitive data
- Options:
preserve_start,preserve_end,mask_char,mask_length - Use cases: Email masking, phone masking, credit card masking
- Status: Available in v0.0.11
-
✅ PasswordFaker - IMPLEMENTED
- Generate secure passwords (for testing)
- Options:
length,include_special,include_numbers,include_uppercase - Use cases: Password reset testing, account creation
- Status: Available in v0.0.12
-
✅ IpAddressFaker - IMPLEMENTED
- Generate IP addresses (IPv4/IPv6)
- Options:
version(4/6),type(public/private/localhost) - Use cases: Log IPs, session IPs, API request IPs
- Status: Available in v0.0.12
-
✅ MacAddressFaker - IMPLEMENTED
- Generate MAC addresses
- Options:
separator(colon/dash/none),uppercase - Use cases: Device tracking, network logs
- Status: Available in v0.0.12
-
✅ UuidFaker - IMPLEMENTED
- Generate UUIDs (v1, v4)
- Options:
version(1/4),format(with/without dashes) - Use cases: API tokens, unique identifiers
- Status: Available in v0.0.12
-
✅ HashFaker - IMPLEMENTED
- Generate hash values (MD5, SHA1, SHA256, SHA512)
- Options:
algorithm(md5/sha1/sha256/sha512),length - Use cases: Password hashes, token hashes
- Status: Available in v0.0.12
-
✅ CoordinateFaker - IMPLEMENTED
- Generate GPS coordinates (latitude/longitude)
- Options:
format(array/string/json),precision,bounds(min_lat, max_lat, min_lng, max_lng) - Use cases: Location data, geolocation tracking
- Status: Available in v0.0.12
-
✅ ColorFaker - IMPLEMENTED
- Generate color values
- Options:
format(hex/rgb/rgba),alpha - Use cases: User preferences, theme colors
- Status: Available in v0.0.12
-
✅ FileFaker - IMPLEMENTED
- Generate file paths and names
- Options:
extension,directory,absolute - Use cases: File uploads, document paths
- Status: Available in v0.0.12
-
✅ JsonFaker - IMPLEMENTED
- Generate JSON structures
- Options:
schema,depth,max_items - Use cases: JSON columns, API responses stored in DB
- Status: Available in v0.0.12
-
✅ TextFaker - IMPLEMENTED
- Generate text content (sentences, paragraphs)
- Options:
type(sentence/paragraph),min_words,max_words - Use cases: Comments, descriptions, notes
- Status: Available in v0.0.12
-
✅ NumericFaker - IMPLEMENTED
- Generate numeric values (integers, decimals)
- Options:
type(int/float),min,max,precision(for floats) - Use cases: Prices, quantities, scores, ratings
- Status: Available in v0.0.12
-
✅ BooleanFaker - IMPLEMENTED
- Generate boolean values
- Options:
true_probability(0-100) - Use cases: Flags, toggles, status booleans
- Status: Available in v0.0.12
-
✅ EnumFaker - IMPLEMENTED
- Generate values from a predefined enum/list
- Options:
values(array),weighted(associative array with probabilities) - Use cases: Status fields, categories, types
- Status: Available in v0.0.12
-
✅ CountryFaker - IMPLEMENTED
- Generate country codes/names
- Options:
format(code/name/iso2/iso3),locale - Use cases: Country fields, nationality
- Status: Available in v0.0.12
-
✅ LanguageFaker - IMPLEMENTED
- Generate language codes/names
- Options:
format(code/name),locale - Use cases: Language preferences, content language
- Status: Available in v0.0.12
-
EmailFaker
- Add:
domainoption (custom domain) - Add:
formatoption (name.surname@domain, random@domain) - Add:
local_part_lengthoption
- Add:
-
PhoneFaker
- Add:
country_codeoption (specific country) - Add:
formatoption (international/national) - Add:
include_extensionoption
- Add:
-
CreditCardFaker
- Add:
typeoption (visa/mastercard/amex) - Add:
validoption (generate valid Luhn numbers) - Add:
formattedoption (with/without spaces/dashes)
- Add:
-
IbanFaker
- Add:
countryoption (specific country) - Add:
validoption (generate valid IBANs) - Add:
formattedoption (with/without spaces)
- Add:
-
AgeFaker
- Add:
distributionoption (uniform/normal) - Add:
meanandstd_devfor normal distribution
- Add:
-
NameFaker / SurnameFaker
- Add:
genderoption (male/female/random) - Add:
locale_specificoption (use locale-specific names)
- Add:
-
✅ MaskingFaker: Partial masking - IMPLEMENTED (v0.0.11)
- Options:
preserve_start,preserve_end,mask_char,mask_length - Use cases: Email masking, phone masking, credit card masking
- Status: Available in v0.0.11, early implementation from Phase 2
- Options:
-
✅ HashPreserveFaker: Hash original value (deterministic anonymization) - IMPLEMENTED (v0.0.13)
- Options:
algorithm(md5/sha1/sha256/sha512),salt,preserve_format,length - Use cases: When you need to maintain referential integrity
- Status: Available in v0.0.13
- Options:
-
✅ ShuffleFaker: Shuffle values within a column (maintains distribution) - IMPLEMENTED (v0.0.13)
- Options:
values(required),seed(for reproducibility),exclude - Use cases: When statistical properties must be preserved
- Status: Available in v0.0.13
- Options:
-
✅ ConstantFaker: Replace with constant value - IMPLEMENTED (v0.0.13)
- Options:
value(required, can be any type including null) - Use cases: Null out sensitive data or replace with fixed values
- Status: Available in v0.0.13
- Options:
-
ForeignKeyFaker: Maintain referential integrity
- Options:
preserve_relationships,cascade_mode - Use cases: Foreign keys, related entities
- Options:
-
ConsistentFaker: Same value for same original (deterministic)
- Options:
seed,scope(global/entity/connection) - Use cases: When same original should always anonymize to same value
- Options:
-
RegexPatternMatcher: Support regex patterns
- Options:
pattern,flags - Use cases: Complex matching rules
- Options:
-
DateRangePatternMatcher: Date-based patterns
- Options:
before,after,between - Use cases: Anonymize records older than X days
- Options:
-
CompositePatternMatcher: Multiple conditions (AND/OR)
- Options:
logic(and/or),patterns - Use cases: Complex business rules
- Options:
-
Parallel Processing: Process multiple connections in parallel
- Options:
max_workers,connection_parallelism - Use cases: Large databases with multiple connections
- Options:
-
Progress Tracking: Real-time progress reporting
- Options:
progress_callback,update_interval - Use cases: Long-running anonymization jobs
- Options:
-
Resume Support: Resume interrupted anonymization
- Options:
checkpoint_file,resume_from_checkpoint - Use cases: Large datasets that may be interrupted
- Options:
- ODM (Object Document Mapper) support
- Document-level anonymization
- Embedded document handling
- Status: Infrastructure ready in demos, ODM support pending
- Full support for SQLite databases
- File-based database handling
- Lightweight database for development/testing
- Use cases: Local development, testing, embedded applications
- Full compatibility with MySQL (drop-in replacement)
- Similar syntax and features to MySQL
- Use cases: Open-source alternative to MySQL, high availability setups
- Enterprise-grade database support
- Oracle-specific SQL syntax handling
- Advanced features: partitioning, materialized views
- Use cases: Enterprise applications, large-scale systems
- SQL Server-specific syntax and features
- Support for T-SQL extensions
- Integration with Azure SQL
- Use cases: Enterprise applications, Windows-based infrastructure
- Key-value store anonymization
- Support for different data structures (strings, hashes, lists, sets, sorted sets)
- Session and cache data anonymization
- Use cases: Caching, session storage, real-time analytics
- Distributed NoSQL database support
- Column-family data model
- Wide-column store anonymization
- Use cases: Big Data, IoT, time-series data, high write throughput
- Document database support (alternative to MongoDB)
- JSON document anonymization
- Multi-master replication support
- Use cases: Content management, mobile applications, offline-first apps
- Graph database anonymization
- Node and relationship anonymization
- Property anonymization in graph structures
- Use cases: Social networks, recommendation engines, fraud detection
- InfluxDB: Time-series data anonymization
- TimescaleDB: PostgreSQL extension for time-series
- Temporal data anonymization
- Use cases: IoT, monitoring, metrics, financial data
- Bulk operations for better performance
- Database-specific SQL optimizations
- Connection pooling support
- Query optimization per database type
- Batch processing optimizations
-
Pre-flight Checks: Validate configuration before execution
- Check entity existence
- Check column existence
- Validate patterns
- Check database connectivity
- Validate faker types and options
- Check for circular dependencies in relationships
-
Backup Integration: Automatic backup before anonymization
- Options:
auto_backup,backup_format,backup_location - Use cases: Safety net for production-like environments
- Integration with Symfony backup tools
- Options:
-
Rollback Support: Ability to rollback anonymization
- Options:
create_snapshot,rollback_from_snapshot - Use cases: Testing anonymization strategies
- Transaction-based rollback support
- Options:
-
✅ Environment Protection: Enhanced production safety - IMPLEMENTED (v0.0.13)
- ✅ Additional environment checks in all commands
- ✅ Configuration file validation (prevent prod config)
- ✅ Runtime environment detection improvements
- ✅ Bundle registration validation in bundles.php
-
✅ Interactive Mode: Interactive command execution - IMPLEMENTED (v0.0.17)
- ✅ Step-by-step confirmation prompts
- ✅ Summary display before anonymization
- ✅ Confirmation for each entity manager
- ✅ Confirmation for each entity
- ✅ Entity details display (table name, property count)
- ⏳ Interactive pattern builder (Pending)
- ⏳ Guided entity selection (Pending)
-
✅ Progress Bars: Visual progress indicators - IMPLEMENTED (v0.0.13)
- ✅ Real-time progress bars for batch processing
- ✅ Estimated time remaining
- ✅ Per-entity progress tracking
- ✅ Option
--no-progressto disable
-
✅ Verbose Modes: Enhanced output options - IMPLEMENTED (v0.0.13)
- ✅ Multiple verbosity levels (normal, verbose, debug)
- ✅
--verbose, -voption - ✅
--debugoption - ✅ Detailed information in debug mode
- Color-coded output
- Structured output formats (table, JSON, YAML)
-
Command Chaining: Chain multiple commands
- Pipeline support for multiple operations
- Conditional execution based on previous results
-
✅ Detailed Reports: Enhanced statistics and reporting - PARTIALLY IMPLEMENTED (v0.0.17)
- ✅ Per-entity statistics
- ✅ Per-property statistics
- ✅ Export to CSV/JSON
- ✅ Success rate calculation
- ⏳ Time-based analytics (Pending)
- ⏳ Export to PDF/HTML (Pending)
- ⏳ Comparison reports (before/after) (Pending)
-
✅ Anonymization History: Track anonymization runs - IMPLEMENTED (v0.0.17)
- ✅ Store metadata about each run
- ✅ Query anonymization history
- ✅ Compare runs
- ⏳ Timeline visualization (Pending)
- ⏳ Audit trail export (Pending)
-
Data Quality Metrics: Validate anonymization quality
- Uniqueness checks
- Distribution analysis
- Format validation
- Data integrity checks
- Referential integrity validation
-
Performance Profiling: Performance analysis
- Query execution time tracking
- Memory usage monitoring
- Bottleneck identification
- Optimization suggestions
-
YAML/JSON Configuration: Entity-level configuration files
- Define anonymization rules in config files
- Version control friendly
- Environment-specific configurations
- Configuration inheritance
- Configuration templates
-
Configuration Validation: Validate configuration files
- Schema validation
- Entity/column existence checks
- Pattern syntax validation
- Faker option validation
- Configuration diff tool
-
Configuration Migration: Migrate between configuration formats
- Convert attributes to config files
- Convert config files to attributes
- Configuration versioning
-
Test Data Generator: Generate test data with anonymization
- Create anonymized test datasets
- Export/import anonymized data
- Fixture generation
- Data factory integration
-
Anonymization Testing: Test anonymization rules
- Unit test helpers
- Integration test support
- Mock fakers for testing
- Test fixtures with anonymized data
- Assertion helpers for anonymized data
-
Test Coverage: Testing improvements
- Increase test coverage
- Performance tests
- Integration tests for all databases
- E2E tests with demos
-
Enhanced Documentation: Comprehensive guides
- Video tutorials
- Interactive examples
- Best practices guide
- Common patterns and recipes
- Troubleshooting guide
-
Code Examples: Real-world examples
- More demo projects
- Industry-specific examples (healthcare, finance, e-commerce)
- Complex use case examples
- Migration examples
-
API Documentation: Complete API reference
- PHPDoc improvements
- API reference generation
- Method documentation
- Class diagrams
-
GDPR Compliance Tools: GDPR-specific anonymization
- Right to be forgotten automation
- Data retention policies
- Consent management integration
-
Audit Logging: Comprehensive audit trails
- Who anonymized what and when
- Change tracking
- Compliance reporting
-
Data Classification: Classify data sensitivity
- PII detection
- Sensitivity levels
- Automatic classification
-
✅ Event System: Symfony events for extensibility - IMPLEMENTED (v0.0.13)
- ✅
BeforeAnonymizeEvent- Dispatched before anonymization starts - ✅
AfterAnonymizeEvent- Dispatched after anonymization completes - ✅
AnonymizePropertyEvent- Dispatched before anonymizing each property (allows modification/skipping) - ✅
BeforeEntityAnonymizeEvent- Dispatched before processing each entity - ✅
AfterEntityAnonymizeEvent- Dispatched after processing each entity - ✅ Custom event listeners support
- ✅ Event subscribers support
- ✅ EventDispatcher is optional (works without it)
- ✅
-
Plugin System: Third-party faker plugins
- Plugin registry
- Plugin discovery
- Plugin configuration
- Plugin marketplace
- Plugin versioning
-
Symfony Integration: Deep Symfony integration
- Symfony Messenger integration (async anonymization)
- Symfony Scheduler integration (scheduled anonymization)
- Symfony Lock integration (prevent concurrent runs)
- Symfony Cache integration (metadata caching)
- Symfony Serializer integration (data export)
-
API Integration: REST API for anonymization
- HTTP endpoints for anonymization
- Webhook support
- API authentication
- GraphQL support
- OpenAPI/Swagger documentation
-
Incremental Anonymization: Anonymize only new/changed records
- Track last anonymization date
- Delta anonymization
- Change detection
- Timestamp-based filtering
- Change log integration
-
Multi-tenant Support: Tenant-aware anonymization
- Tenant isolation
- Per-tenant configurations
- Tenant-specific patterns
- Tenant-aware statistics
- Cross-tenant anonymization prevention
-
Data Lineage: Track data relationships
- Dependency graph
- Impact analysis
- Cascade visualization
- Relationship mapping
- Dependency resolution
-
Conditional Anonymization: Smart anonymization rules
- Time-based rules (anonymize after X days)
- Status-based rules (anonymize inactive users)
- Custom condition evaluators
- Rule engine integration
-
Selective Anonymization: Fine-grained control
- Column-level selection
- Row-level selection
- Partial anonymization
- Incremental property anonymization
-
Query Optimization: Optimize database queries
- Index usage analysis and recommendations
- Query batching optimization
- Connection pooling
- Prepared statement caching
- Query plan analysis
-
Memory Management: Efficient memory usage
- Streaming for large datasets
- Memory-efficient batch processing
- Garbage collection optimization
- Memory profiling tools
- Memory leak detection
-
Caching: Cache metadata and configurations
- Entity metadata caching
- Pattern compilation caching
- Faker instance caching
- Query result caching
- Multi-level caching strategy
-
Parallel Processing: Multi-threaded processing
- Parallel entity processing
- Parallel connection processing
- Thread-safe operations
- Resource pool management
-
Distributed Processing: Support for distributed systems
- Queue integration (RabbitMQ, Redis, SQS)
- Worker processes
- Distributed coordination
- Load balancing
- Fault tolerance
-
Large Dataset Support: Handle very large databases
- Chunking strategies
- Progress persistence
- Resource management
- Streaming processing
- Pagination strategies
-
Horizontal Scaling: Scale across multiple servers
- Multi-server coordination
- Distributed locking
- Shared state management
- Load distribution
-
Metrics Collection: Performance metrics
- Processing time metrics
- Throughput metrics
- Error rate metrics
- Resource usage metrics
- Custom metrics support
-
Logging: Enhanced logging
- Structured logging
- Log levels configuration
- Log aggregation support
- Audit logging
- Performance logging
-
Tracing: Distributed tracing
- Request tracing
- Performance tracing
- Dependency tracing
- Integration with tracing tools (Jaeger, Zipkin)
-
Health Checks: System health monitoring
- Health check endpoints
- Database connectivity checks
- Service availability checks
- Performance health indicators
-
Access Control: Role-based access control
- Permission system for anonymization commands
- User authentication for API endpoints
- Audit logging of who ran anonymization
- IP whitelisting support
-
Data Encryption: Encrypt sensitive data during processing
- Field-level encryption
- Encryption at rest support
- Key management integration
-
Input Validation: Enhanced input validation
- SQL injection prevention
- XSS prevention in reports
- Command injection prevention
- Pattern injection prevention
-
Secrets Management: Secure configuration
- Environment variable encryption
- Secrets rotation support
- Integration with secret managers (Vault, AWS Secrets Manager)
-
GDPR Tools: Enhanced GDPR compliance
- Right to be forgotten automation
- Data retention policies
- Consent management integration
- Data portability support
- Privacy impact assessments
-
HIPAA Compliance: Healthcare data compliance
- PHI (Protected Health Information) detection
- HIPAA-compliant anonymization patterns
- Audit trail requirements
- Access logging
-
PCI DSS Compliance: Payment card data compliance
- PCI DSS compliant anonymization
- Card data detection
- Secure deletion of sensitive data
- Compliance reporting
-
SOC 2 Compliance: Security compliance
- Access control logging
- Change management tracking
- Security monitoring
- Compliance reporting
-
Smart Anonymization: AI-powered anonymization
- Pattern recognition for sensitive data
- Automatic faker type detection
- Anomaly detection
- Data classification using ML
-
Data Synthesis: Generate realistic synthetic data
- GAN-based data generation
- Statistical data synthesis
- Preserve data relationships
- Maintain data distributions
-
Data Validation: Comprehensive validation
- Format validation
- Range validation
- Referential integrity checks
- Business rule validation
-
Data Profiling: Data analysis tools
- Data distribution analysis
- Data quality metrics
- Anomaly detection
- Data completeness checks
-
Workflow Engine: Automated workflows
- Define anonymization workflows
- Conditional execution
- Error handling workflows
- Retry mechanisms
-
Scheduling: Advanced scheduling
- Cron-like scheduling
- Event-driven scheduling
- Conditional scheduling
- Schedule management UI
Priorities are aligned with the Adoption roadmap (Phases A–C) above. Technical work below supports those milestones.
- Symfony Flex recipe – Publish to recipes-contrib for one-command install and config.
- “Anonymize in 60 seconds” – Single-page quick start (README or dedicated doc).
- CI / pipeline docs – How to run anonymization in CI (e.g. after fixtures, before E2E).
- Community visibility – Symfony blog post or community spotlight.
- Symfony Messenger integration – Optional async anonymization (large DBs, queues).
- Symfony Lock integration – Prevent concurrent runs (shared dev/staging).
- MongoDB ODM support – First-class ODM support (demos infrastructure ready).
- Doctrine Fixtures / Foundry – Document or optional “after fixtures” step.
- Relationship Preservation (ForeignKeyFaker / ConsistentFaker) – Referential integrity.
- Configuration file alternative – Optional YAML/JSON for entity rules (in addition to attributes).
High Priority (Phase 3.1 - v0.3.1):
- MongoDB ODM - Complete ODM support (infrastructure ready in demos)
- SQLite - Lightweight, easy to implement, common for development/testing
Medium Priority (Phase 3.2 - v0.3.2): 3. MariaDB - MySQL-compatible, straightforward implementation 4. Redis - Key-value store, common use case for caching/sessions
Lower Priority (Phase 3.3 - v0.3.3): 5. Microsoft SQL Server - Enterprise support, Windows-based infrastructure 6. Oracle Database - Enterprise support, large-scale systems 7. Cassandra - Big Data use cases, distributed systems
Future Consideration (Phase 3.4+): 8. CouchDB - Alternative document database to MongoDB 9. Neo4j - Graph database support, relationship-heavy data 10. Time-Series Databases (InfluxDB, TimescaleDB) - Specialized use cases for metrics/IoT
- Resume / checkpoint – Long-running runs (very large DBs).
- Plugin / community fakers – Registry for third-party fakers.
- Compliance / audit – Optional “what was anonymized when” for reports.
- Enterprise options – Multi-tenant, API, distributed processing only where they clearly serve adoption without diluting the core (dev/test anonymization).
We welcome contributions that align with the adoption pillars (DX, ecosystem, trust, reach). That means:
- Highest impact: Flex recipe, docs (quick start, CI, best practices), visibility (blog post, talk, tweet).
- High impact: New fakers (especially domain-specific: healthcare, finance, i18n), MongoDB ODM support, Messenger/Lock integrations, tests and examples.
- Ongoing: Bug fixes, docs improvements, demos, and feedback on what would make you recommend the bundle to your team.
We prioritize work that helps more teams adopt and retain the bundle without breaking the core promise (dev/test only, attribute-first, production-safe). If you want to propose a big feature, open an issue with the use case and how it fits the roadmap; we’ll align it with a phase or explain why we defer it.
Areas where help is especially appreciated:
- Symfony Flex recipe: Prepare and maintain the recipe for recipes-contrib.
- Documentation: “Anonymize in 60 seconds”, CI/pipeline guide, best practices, i18n/locale examples.
- New fakers: Implement additional faker types (see FAKERS.md and existing implementations).
- Database drivers: MongoDB ODM first; other backends when they clearly serve adoption.
- Tests and examples: Increase coverage, real-world fixtures, integration with Data Fixtures/Foundry.
-
v0.0.16 (2026-01-20 - Released): Relationship patterns support and demo enhancements
- ✅ Relationship patterns support with dot notation (e.g.,
'type.name' => '%HR') - ✅ Automatic SQL JOIN construction for relationship patterns
- ✅ Type entity and relationship example in all demo projects
- ✅ Enhanced MongoDB CRUD navigation in all demo projects
- ✅ Relationship patterns support with dot notation (e.g.,
-
v0.0.15 (2026-01-20 - Released): MongoDB field migration command and demo improvements
- ✅ MongoDB field migration command (
nowo:anonymize:generate-mongo-field) - ✅ Enhanced CRUD navigation in all demo projects
- ✅ Improved MongoDB fixture scripts
- ✅ MongoDB field migration command (
-
v0.0.14 (2026-01-20 - Released): Pattern matching enhancements and bug fixes
- ✅ PatternMatcher OR operator support for multiple value matching
- ✅ Entity-level pattern filtering fix
- ✅ EmailSubscription demo entity with comprehensive pattern examples
- ✅ Comprehensive fixtures (~50 records) covering all pattern combinations
- ✅ Service registration improvements using attributes
-
v0.0.13 (2026-01-19 - Released): Phase 1 complete + Enhanced features
- ✅ All Phase 1 fakers implemented (32 total)
- ✅ Pre-flight checks, progress bars, environment protection
- ✅ Debug/verbose modes, info command, event system
- ✅ SystemLog entity with 100% faker coverage
-
v0.0.12 (2026-01-19 - Released): Phase 1 Complete + Enhanced Fakers
- ✅ All Phase 1 fakers implemented: File, Json, Text, Enum, Country, Language
- ✅ Enhanced existing fakers: Email, Phone, Credit Card, IBAN, Age, Name, Surname
- ✅ Total fakers: 32 (all Phase 1 + Phase 2 data preservation fakers)
- ✅ Progress: Phase 1 (100% complete - all 21 fakers)
-
v0.0.11 (2026-01-19 - Released): Phase 1 Partial Implementation
- ✅ 6 new fakers: Address, Date, Username, URL, Company, Masking
- ✅ Enhanced demos with 4 new entities (Product, Order, Invoice, Employee)
- ✅ Comprehensive fixtures for all entities
- ✅ Custom service faker example (CustomReferenceFaker)
- ✅ Total fakers: 14 (8 original + 6 new)
- ✅ Progress: Phase 1 (30% complete), Phase 2 (25% complete - MaskingFaker)
- v1.1.x (next): Adoption Phase A – Flex recipe, “60 seconds” guide, CI docs, visibility.
- v1.2.x: Adoption Phase B – Messenger (optional async), Lock, MongoDB ODM, Fixtures integration.
- v1.3.x+: Adoption Phase C – Resume/checkpoint, config file option, plugin/community fakers, compliance/audit.
- Phases 2–8 (v0.2.0–v0.8.0): Technical roadmap below remains the reference for advanced features (relationship preservation, more DBs, DX, enterprise, performance, security); delivery is aligned with adoption milestones above.
- This roadmap is subject to change based on community feedback and priorities.
- Adoption first: Features are prioritized when they strengthen DX, ecosystem fit, trust, or reach (see Four pillars).
- Core focus is fixed: Dev/test only, attribute-first, Doctrine-first, GDPR-aware. We do not dilute this to chase every use case.
- Community contributions (new fakers, docs, integrations) are welcome and can accelerate adoption milestones.
- Breaking changes will be clearly documented in UPGRADING.md; we follow semantic versioning.
Last Updated: 2026-02-17
Maintainer: Héctor Franco Aceituno (@HecFranco)
Organization: nowo-tech (https://github.com/nowo-tech)