Getting Started
InstallWhy Strata?RoutingModules Core Database Middleware Security CLIRequests & ResponsesDependency InjectionMigration

Modules

Strata core is ~450kb. Everything else is a module. Pick what you need, skip what you don’t.

Why modules?

No bloat

APIs don’t need templating. CLIs don’t need sessions. Start micro, grow if needed.

No lock-in

Use Eloquent, Doctrine, or raw PDO. Middleware from any PSR-15 package.

Explicit

composer require shows exactly what’s in your app. No hidden magic.

Quick Start

git clone https://github.com/lazysod/strataphp-public
cd strataphp-public/public_html
composer install
cp .env.example .env
# Edit .env with DB/mail creds
# Point vhost to /public_html

Official Modules

Module Install What it does
strata/router composer require lazysod/strata-router Radix tree router, PSR-7/15
strata/database composer require lazysod/strata-database Migrations, query builder, pooling
strata/cli composer require lazysod/strata-cli php strata make:controller etc
strata/user composer require lazysod/strata-user Auth, registration, password reset

Module Structure

Every module must have these files to pass validation:

your-module/
├── index.php          # Module metadata - required
├── routes.php         # Routes - required
├── README.md          # Docs - required
├── CHANGELOG.md       # Changes - recommended
├── controllers/       # If structure_requirements['controllers'] = true
├── models/           # If needed
├── views/            # If needed
└── assets/           # CSS, JS, images - optional

index.php metadata

<?php
return [
    'name' => 'Your Module Name',
    'slug' => 'your-module',
    'version' => '1.0.0',
    'description' => 'Brief description',
    'author' => 'You',
    'category' => 'Utility', // Content, E-commerce, Social, Utility, Analytics, Security, SEO, Media, API, Admin, Development, Marketing
    'license' => 'MIT',
    'framework_version' => '1.0.0',
    'repository' => 'https://github.com/you/module',
    'structure_requirements' => [
        'controllers' => true,
        'views' => true,
        'models' => false
    ],
    'enabled' => true
];

Validation System

Strata validates modules for structure, security, and quality. Check status at /admin/modules.

Status Meaning
Valid Required files present, no security issues, error handling + docs exist. Production ready.
Warnings Works but missing CHANGELOG.md, non-standard category, perf suggestions.
Invalid Missing required files, eval() in non-admin code, no try-catch. Fix before use.

CLI: php -r "require 'public_html/app/start.php'; $v = new \App\Services\ModuleValidator(); print_r($v->validateModule('public_html/modules/your-module'));"

Development Guidelines

  1. Database: Use DB class only. No mysqli_connect().
  2. CSRF: Every form needs <input type="hidden" name="token" value="<?= TokenManager::csrf() ?>">
  3. Errors: Wrap controller methods in try-catch. Log with Logger.
  4. Sessions: Prefix keys with PREFIX from config to avoid conflicts.
  5. Security: No eval, exec, system except admin modules. Parameterized queries only.
  6. Docs: PHPDoc on all classes/methods + README.md in module root.
  7. Assets: Put CSS/JS in module /assets/. Views in /views/.

Enable & Disable Modules

Control modules in app/config.php:

'modules' => [
                        'user' => true,
                        'forum' => false,
                        'api' => true,
                    ],

Disabled modules won’t load routes. The API module, admin links, and NSFW flags all respect this config. You can also toggle from /admin/modules.

Migrations & Seeding

php bin/migrate.php                # Apply new migrations
php bin/rollback.php 2             # Roll back last 2
php bin/migration_status.php       # Show status
php bin/create_migration.php AddUsersTable   # Scaffold migration
php bin/seed.php                   # Run seeds/
php bin/seed.php --down            # Remove seeded data

Always create a .down.php file for rollbacks. Migration locking prevents concurrent runs.

Next: Database →