maatify/validation

Schema-based validation library for PHP applications

Maintainers

Package info

github.com/Maatify/Validation

pkg:composer/maatify/validation

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.0 2026-03-05 13:11 UTC

Requires

Requires (Dev)

MIT 235c1496170d6601043b3bf51869b5110b467d68

  • Mohamed Abdulalim <mohamed.woop@maatify.dev>

This package is auto-updated.

Last update: 2026-03-05 13:18:33 UTC

README

Latest Version PHP Version License

PHPStan

Changelog Security

Monthly Downloads Total Downloads

A type-safe, framework-agnostic input validation module built on top of
Respect/Validation, designed for clean architecture, strict static analysis, and future extraction as a standalone library.

This module is designed for standalone usage and is not coupled to:

  • Authentication
  • Authorization (Guards)
  • Domain Logic
  • HTTP Frameworks (Slim, PSR-7)
  • UI / Templates

๐ŸŽฏ Goals

  • Centralize input validation in a clean, reusable layer
  • Eliminate duplicated validation logic in controllers
  • Enforce type-safety using DTOs and Enums
  • Pass PHPStan level max with zero suppressions
  • Prepare the module for future extraction as a standalone package

๐Ÿงฑ Architectural Principles

1. Validation is a Cross-Cutting Concern

Validation:

  • Touches Controllers and Requests
  • Does not belong to Domain, Auth, or Guards
  • Produces no side effects (no audit, no security events)

2. Validation โ‰  Authorization

  • Validation checks data correctness
  • Authorization checks permissions
  • They are strictly separated

3. No Strings, No Magic

  • All error codes are Enums
  • All responses are DTOs
  • No hard-coded strings in schemas

๐Ÿ“ Directory Structure


src/
โ”œโ”€โ”€ Contracts/
โ”‚   โ”œโ”€โ”€ SchemaInterface.php
โ”‚   โ”œโ”€โ”€ ValidatorInterface.php
โ”‚   โ”œโ”€โ”€ ErrorMapperInterface.php
โ”‚   โ””โ”€โ”€ SystemErrorMapperInterface.php
โ”‚
โ”œโ”€โ”€ DTO/
โ”‚   โ”œโ”€โ”€ ValidationResultDTO.php
โ”‚   โ””โ”€โ”€ ApiErrorResponseDTO.php
โ”‚
โ”œโ”€โ”€ Enum/
โ”‚   โ”œโ”€โ”€ ValidationErrorCodeEnum.php
โ”‚   โ”œโ”€โ”€ AuthErrorCodeEnum.php
โ”‚   โ””โ”€โ”€ HttpStatusCodeEnum.php
โ”‚
โ”œโ”€โ”€ ErrorMapper/
โ”‚   โ”œโ”€โ”€ ApiErrorMapper.php
โ”‚   โ””โ”€โ”€ SystemApiErrorMapper.php
โ”‚
โ”œโ”€โ”€ Rules/
โ”‚   โ”œโ”€โ”€ EmailRule.php
โ”‚   โ”œโ”€โ”€ PasswordRule.php
โ”‚   โ””โ”€โ”€ RequiredStringRule.php
โ”‚
โ”œโ”€โ”€ Schemas/
โ”‚   โ”œโ”€โ”€ AbstractSchema.php
โ”‚   โ”œโ”€โ”€ AuthLoginSchema.php
โ”‚   โ””โ”€โ”€ AdminCreateSchema.php
โ”‚
โ””โ”€โ”€ Validator/
โ””โ”€โ”€ RespectValidator.php

๐Ÿ“ฆ Dependency

This module relies on:

composer require respect/validation

No other external dependencies are required.

๐Ÿงฉ Core Concepts

1๏ธโƒฃ Rules

Rules are pure validation units built on Respect/Validation.

  • One rule = one responsibility
  • No HTTP, no DTOs, no Domain logic
  • Return Validatable via docblocks for PHPStan compatibility

Example:

EmailRule::rule()

2๏ธโƒฃ Schemas

Schemas describe request-level validation.

  • One schema per endpoint / use-case
  • Declarative rules
  • No try/catch duplication
  • All schemas extend AbstractSchema

Example:

final class AuthLoginSchema extends AbstractSchema
{
    protected function rules(): array
    {
        return [
            'email' => [v::email(), ValidationErrorCodeEnum::INVALID_EMAIL],
            'password' => [CredentialInputRule::rule(), ValidationErrorCodeEnum::INVALID_PASSWORD],
        ];
    }
}

3๏ธโƒฃ ValidationResultDTO

Schemas always return a ValidationResultDTO:

  • isValid(): bool
  • getErrors(): array<string, list<ValidationErrorCodeEnum>>

No exceptions are thrown for invalid input.

4๏ธโƒฃ Error Mapping

Errors are mapped once at the system boundary.

  • Validation โ†’ ValidationErrorCodeEnum
  • Auth / Guards โ†’ AuthErrorCodeEnum
  • Transport โ†’ HttpStatusCodeEnum

All errors are converted into a single response shape via:

SystemApiErrorMapper

5๏ธโƒฃ ApiErrorResponseDTO

All API error responses are represented as a DTO:

ApiErrorResponseDTO
  • Contains HTTP status
  • Contains error code
  • Contains structured field errors
  • No arrays returned directly from mappers

๐ŸŒ Typical Flow (API)

  1. Controller receives input

  2. Schema validates input

  3. ValidationResultDTO is returned

  4. If invalid:

    • Errors mapped via SystemApiErrorMapper
    • Controller sends HTTP response

  5. If valid:

    • Controller proceeds to Service layer

โŒ What This Module Does NOT Do

  • โŒ No authentication logic
  • โŒ No authorization checks
  • โŒ No audit logging
  • โŒ No database access
  • โŒ No localization (i18n)
  • โŒ No HTTP framework coupling

๐Ÿงช Static Analysis

  • Designed to pass PHPStan level max
  • No suppressions
  • No dynamic magic exposed to type system
  • Respect/Validation handled via docblocks where needed

๐Ÿ”ฎ Future Extensions (Planned)

  • Localization mapping (Enum โ†’ i18n keys)
  • Composite schemas
  • Context-aware validation (create vs update)
  • Standalone package extraction (maatify/validation)
  • Shared SuccessResponseDTO for APIs

๐Ÿง  Architectural Decision (LOCKED)

All input validation must be expressed as Schemas using Rules + Enums, and mapped through a single system-level ErrorMapper. No strings, no duplication, no side effects.

โœ… Status

  • Architecture: LOCKED
  • Implementation: STABLE
  • PHPStan: PASS (level max)
  • Ready for reuse and extraction

๐Ÿชช License

This library is licensed under the MIT License. See the LICENSE file for details.

๐Ÿ‘ค Author

Engineered by Mohamed Abdulalim (@megyptm) Backend Lead & Technical Architect https://www.maatify.dev

๐Ÿค Contributors

Special thanks to the Maatify.dev engineering team and all open-source contributors. Contributions are welcome.

Built with โค๏ธ by Maatify.dev โ€” Unified Ecosystem for Modern PHP Libraries