XLNZdev

Getting Started

About XLNZdev

Simplify the complexity. XLNZdev is a proprietary devtool, or hardened Software Development Lifecycle (SDLC), with a paradigm shift. It is developed by one man to enable one person or a small team to create and deliver amazing web apps with simplicity, a lightweight footprint, a low barrier to entry, ease of development and maintenance, high performance, high quality, scalability and hardened security out of the box.

Easy to scale with 'Metamorphosis': transformable without a rewrite from a monolith to a distributed system, or deployable with a single-line CLI command.

Easy to maintain and develop while keeping development time relatively low, with higher quality, correctness and hardened security through auto-generated baseline tests such as: unit, feature, smoke, e2e/uat/dbb, property-based, pentest and many more.

Comparison

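| Product | Perf. RPS | Cont. Size | Harden Sec | Autogen Test |
| --- | --- | --- | --- | --- |
| XLNZdev | ~6.800 | ~130Mb | | |
| Go-Lang Simple Blog A | ~7.700 | ~114Mb | | |
| PHP CMS A | ~40 | ~400-700Mb | | |
| PHP framework A | ~20 | ~1.3-2.2Gb | | |
| PHP framework A prod | ~50 | ~450-750Mb | | |
| PHP framework B | ~40 | ~400-700Mb | | |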
> PS:
> - Tested URL: homepage (to be a bit fair, the Golang app uses a smaller response size on its homepage, thus I will use a similar response size on URL: /test)
> - Perf. RPS: higher is better
> - Cont. Size: lower is better
>
> Out-of-the-box experience: a fresh install, full stack (not just an API). Autogen (auto-generated) tests are only the baseline and can be skipped.

Creating XLNZdev App

Before creating your first XLNZdev web application, make sure that your local machine has the XLNZdev installer.

php xz_install
> Administrator privileges are needed to install or execute programs.

Configuration

...

Cache, Lock & Release

Caching stores a dynamic response or process result as static for a period of time to reduce compute time and make it faster, but use it wisely.

Cache Set


cache_set(string $dbsel = '', string $key = '', string $value = '', int $ttl = 30): bool

Cache Get


cache_get(string $dbsel = '', string $key = ''): bool|string

Cache Flush


cache_flush(string $dbsel = ''): bool|string

Try Caching


trycaching(string $dbsel = '', string $key = '', int $ttl = 30, ?callable $fn = null): array|bool|string|int

Lock Get


lock_get(string $dbsel = '', string $key = '', int $ttl_ms = 1000): bool|string

Lock Release


lock_release(string $dbsel = '', string $key = '', string $token = ''): bool|int
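An added example, not XLNZdev's own code, of why `lock_release()` takes the token that `lock_get()` returned: only the holder can release the lock. The two functions are in-memory stand-ins written from the signatures above with assumed semantics; `'cache'` and `'report:rebuild'` are constructed sample values.

```php
<?php
declare(strict_types=1);

// In-memory stand-ins with the documented signatures so the file runs outside
// XLNZdev. Assumed semantics: lock_get() returns a random token on success and
// false while another holder's lock is live; lock_release() deletes the lock
// only when the caller presents the token that acquired it.
$GLOBALS['demo_locks'] = [];

function lock_get(string $dbsel = '', string $key = '', int $ttl_ms = 1000): bool|string
{
    $now = (int) (microtime(true) * 1000);
    $held = $GLOBALS['demo_locks'][$dbsel][$key] ?? null;
    if ($held !== null && $held['expires'] > $now) {
        return false; // still owned by someone else
    }
    $token = bin2hex(random_bytes(16));
    $GLOBALS['demo_locks'][$dbsel][$key] = ['token' => $token, 'expires' => $now + $ttl_ms];
    return $token;
}

function lock_release(string $dbsel = '', string $key = '', string $token = ''): bool|int
{
    $held = $GLOBALS['demo_locks'][$dbsel][$key] ?? null;
    if ($held === null || !hash_equals($held['token'], $token)) {
        return false; // not the owner: leave the lock in place
    }
    unset($GLOBALS['demo_locks'][$dbsel][$key]);
    return true;
}

$token = lock_get('cache', 'report:rebuild', 5000);
var_dump(is_string($token));                                  // first worker acquires
var_dump(lock_get('cache', 'report:rebuild', 5000));          // second worker is refused
var_dump(lock_release('cache', 'report:rebuild', 'guessed')); // wrong token cannot release

try {
    // ... critical section: do the work that must not run twice ...
} finally {
    var_dump(lock_release('cache', 'report:rebuild', $token)); // owner releases
}
```

Releasing in `finally` keeps a thrown exception from leaving the lock held until its TTL expires.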

Database

Database Table

Go to file: service/{service}/db_table.php

Database Seeder

Go to file: service/{service}/db_seeder.php

Driver Support

| Driver | Additional Stack | Stack | Desc |
| --- | --- | --- | --- |
| sqlite | no | sqlite | default dev env such as: queue, cache, rate limit, main db, etc |
| pgsql | yes | postgres | main db, default on staging and prod |
| valkey | yes | valkey | default on staging and prod |

File Storage

...

Localization

Localization.

Go to the lang folder. Each file is named with a 2-character language code and contains a key-value array, for example es.php for the Spanish language. The key is the English base text, like:


/lang
  en.php
  es.php

'home' => 'Hogar',

Logging

Helps you learn more about what happens in your application.

Mail

Sending Email.

/**
 * @param array $data struct_MailSent{
 *   smtp_vendor?: string,
 *   to?: string,
 *   from_name?: string,
 *   from_email?: string,
 *   subject?: string,
 *   msg?: string,
 * }
 */
function mail_sent(array $data = []): bool

Middleware

Middleware is a layer that filters HTTP requests.

Add Middleware

Go to file: core/middleware.php. Then add a new function that follows the example spec:

To use the middleware on a route, fill that route's 'mw' array with the middleware name(s), as in the example below:


// no middleware
['path' => '/', 'm' => 'get', 'fn' => 'gui_fe_home', 'mw' => []],

// with middleware rate limit frontend
['path' => '/', 'm' => 'get', 'fn' => 'gui_fe_home', 'mw' => ['mw_rl_fe']],

Queues

Make your web app snappier by sending long-running processes to the background.

Add Queue


queue_add(string $dbsel = '', string $key = '', mixed $value = '', int $ttl = 30): bool|int

Get Queue


queue_get(string $dbsel = '', string $key = ''): bool|array

Reduce Incorrectness

Zassert

Inspired by Tiger Style. The closest thing to full theorem proving in PHP is Design by Contract (DbC), which is overkill for a simple CMS or blog, while a plain assert is not DbC. This function sits in between those. It is not mandatory, but it is nice to have in an attempt to reduce wrong assumptions in the code and catch them earlier.

Add Zassert


// $fn = function name
// $part = 'pre'|'invariant'|'post'
// $crash = 0 = add to log, 1 = throw Exception, on local env crash = 1
zassert(string $fn = '', string $part = 'pre', bool $cond = false, string $msg = '', int $crash = 0): void
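An added example, not part of XLNZdev's own code, showing where the three parts sit in one function and how `$crash` changes the outcome. The `zassert()` body is a stand-in written from the signature and comments above; `price_after_discount()` and its values are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in built from the documented signature so this file runs outside
// XLNZdev. Assumed behaviour: a failed condition is written to the log when
// $crash = 0 and throws when $crash = 1.
function zassert(string $fn = '', string $part = 'pre', bool $cond = false, string $msg = '', int $crash = 0): void
{
    if ($cond) {
        return;
    }
    $line = sprintf('[zassert] %s %s: %s', $fn, $part, $msg);
    if ($crash === 1) {
        throw new RuntimeException($line);
    }
    error_log($line);
}

// Hypothetical function: price in cents after a percentage discount.
function price_after_discount(int $cents, int $percent, int $crash = 0): int
{
    // pre: what the caller must guarantee
    zassert(__FUNCTION__, 'pre', $cents >= 0, 'price must not be negative', $crash);
    zassert(__FUNCTION__, 'pre', $percent >= 0 && $percent <= 100, 'percent must be 0..100', $crash);

    $discount = intdiv($cents * $percent, 100);

    // invariant: must hold part-way through the work
    zassert(__FUNCTION__, 'invariant', $discount <= $cents, 'discount exceeds price', $crash);

    $result = $cents - $discount;

    // post: what the function guarantees to its caller
    zassert(__FUNCTION__, 'post', $result >= 0 && $result <= $cents, 'result out of range', $crash);
    return $result;
}

echo price_after_discount(1000, 25, 1), PHP_EOL; // every contract holds

// $crash = 0: each violated part is logged and execution continues.
price_after_discount(1000, 150);

// $crash = 1: the first violated part stops the call.
try {
    price_after_discount(1000, 150, 1);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With `$crash = 0` the out-of-range percent still produces a negative result for the caller, so logged violations need to be reviewed rather than treated as handled.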

Routing

...

Add Route

Go to file: service/{service}/route.php. Then add an array that follows the spec in the example below. The function also needs to exist in service/{service}/v1/{file}.php

['path' => '/', 'm' => 'get', 'fn' => 'gui_fe_home', 'mw' => []]

> The naming convention is 'gui' to indicate this is gui, 'fe' is for frontend

| Key | Description |
| --- | --- |
| path | the url path |
| m | request method (get,post) |
| fn | the function call |
| mw | middleware name in array |

| Path Defined | Description |
| --- | --- |
| {lang} | language (always on first) |
| {slug} | url slug or |
| {id} | ID |

List Route

Run this command line to list routes:

php xz -a route

Rate Limiting

Limiting requests.

ratelimit(string $dbsel = '', string $key = '', int $max = 60, int $window = 1, string $zmd = ''): array|bool

Security

...

Runtime Application Self-Protection (RASP)

Built-in basic Runtime Application Self-Protection (RASP) helps harden security.

CSRF

...

Authentication

...

Authorization

...

Encryption

...

Task Scheduling

Set certain tasks to run on a scheduler.

Go to file: service/{service}/v1/cron.php, then add a new function that follows the example spec. Also don't forget to change the type to cron and set the cron_time:


'type' => 'cron',
'cron_time' => '1     *', // every minute

Developer Env Only

This section/feature exists only for the developer environment, to help deliver high-quality software.

Dev Server

A local, centralized server for all data reports and internal tooling for developers. Deploy it with this command line; it is served at http://localhost:7000:

php xz -a dpl -b intra
> (DO NOT expose this!)

AV

AV helps keep the project files on the developer env safe from malware and viruses.

php xz -a av -b [scan/memory/update]

Static Application Security Testing (SAST)

Helps catch bugs, wrong syntax, etc., with PHPStan at maximum level.

php xz -a sast

Software Composition Analysis (SCA)

Helps ensure software composition analysis is performed.

php xz -a sca

Dynamic Application Security Testing (DAST)

Helps deliver high-quality software by reducing security flaws with basic penetration testing, so the flaws can be patched before they hit production.

php xz -a dast

Test

Helps ensure delivery of high-quality software while reducing development time with auto-generated baseline placeholder unit/function tests; more can be added if needed for more complex or more precise tests.

php xz -a test

Count Test

Counting tests for each function test.

php xz -a test -b count

Snapshot Test

Helps ensure delivery of high-quality software while editing, refactoring, adding features and so on, while reducing development time with auto-generated snapshot tests.

php xz -a test -b snap

Smoke Test

Helps ensure delivery of high-quality software while reducing development time with auto-generated smoke tests for routes.

php xz -a test -b smoke

Property-Based Testing (PBT)

Helps ensure delivery of high-quality software while reducing development time with auto-generated Property-Based Testing (PBT).

php xz -a test -b pbt

End to End Testing (E2E)

Helps ensure delivery of high-quality software while reducing development time with auto-generated End to End Testing (E2E).

php xz -a test -b e2e

Mutation Testing

Helps ensure delivery of high-quality software while reducing development time with auto-generated Mutation Testing.

php xz -a test -b mutant -c [gen/scan]

Server Stress

Run a simple server stress test.

php xz -a test -b stress

Policy Test

Helps ensure compliance. Since every region's laws are different, it can't be auto-generated, i.e. it is manual.

php xz -a test -b policy

Software Documentation

Helps reduce the time needed to make basic software documentation with auto-generated Software Documentation.

php xz -a doc

Application Security Verification Standard (ASVS)

Auto-generates the page, but it is a self-assertion for a re-implementation of OWASP ASVS 5.0.0 pre-release.

php xz -a asvs

Software Assurance Maturity Model (SAMM)

Auto-generates the page, but it is a self-assertion for a re-implementation of OWASP SAMM.

php xz -a samm

Lines of Code (LoC) Estimate

Estimate project Lines of Code (LoC)

php xz -a loc

Carbon Estimate

Estimate project Carbon usage
php xz -a co2

Cocomo Estimate

Estimate project cost with Cocomo
php xz -a cocomo

Technical Debt Estimate

Estimate project technical debt
php xz -a tdebt