Download the PHP package jschreuder/middle without Composer

Middle Framework

A micro-framework built around one simple principle: everything should be explicit, replaceable, and safe to change.

Middle takes a different approach to web application architecture. Instead of magic and conventions, it provides clear interfaces and explicit composition. You can use it to build your organization's perfect framework, not be forced to fit into someone else's choices. Instead of hidden coupling, it enforces clean boundaries. Instead of "getting started quickly," it optimizes for "maintaining confidently."

Why Middle?

🔍 No Magic, No Surprises

Every dependency is explicit. Every behavior is visible. No hidden auto-wiring, no surprise side effects, no debugging mysterious framework behavior at 3 AM.

🔧 Everything is Replaceable

Don't like how routing works? Swap the router. Need custom session handling? Implement SessionProcessorInterface. Every component is designed to be replaced without touching anything else.

🛡️ Safe to Change and Extend

The architecture prevents accidental coupling. You can modify any part of your application with confidence that you're not breaking something unexpected elsewhere.

🧪 Built for Testing

Interface-driven design means every component can be easily mocked, tested in isolation, and verified independently. No complex test setup, no framework mocking libraries needed.

How Middle Compares

Like other micro-frameworks, Middle is for composing applications. Unlike them, Middle nudges towards architectural boundaries through interfaces, making SOLID principles and domain-driven design the path of least resistance.

Choose Middle when: You want simplicity with architecture meant for SOLID and Domain Driven Development.
Choose Others when: You disagree with the philosophy or convention- or configuration-driven frameworks.

Core Philosophy

Explicitness over Convenience: Middle makes you write a bit more code upfront, but prevents the hidden complexity that accumulates in applications over time.

Objects over Arrays: Configuration, data, and behavior are represented by proper classes with clear contracts, not deeply nested arrays or magic properties.

Immutability by Default: Adding or removing middleware creates new application instances. No shared mutable state, no spooky action-at-a-distance.

Standards Compliance: Full PSR-1, PSR-2, PSR-3, PSR-4, PSR-7, PSR-15, and PSR-17 compliance. Not because we have to, but because standards represent solved problems.

Minimal Attack Surface: The framework core is tiny, reducing security vulnerabilities and update risks. Your chosen components update independently.

Security Through Architecture

🔒 Minimal Attack Surface

Middle Framework's core contains almost no security-sensitive code. The entire framework is essentially middleware orchestration—no input parsing, no template engines, no ORMs, no file handling. What can't be exploited, won't be exploited.

🛡️ Security by Delegation

Critical security functionality is handled by specialized, battle-tested libraries that you choose and control:

🔄 Future-Proof Security Updates

When security vulnerabilities are discovered, updates happen in the concrete libraries—not the framework. Your application code remains unchanged:

• Symfony Router vulnerability? → composer update symfony/routing
• Session handling issue? → composer update laminas/laminas-session
• Template engine exploit? → composer update twig/twig

No framework rewrites, no breaking changes, no security debt.

A Framework You'll Never Replace for Security

Traditional frameworks become security liabilities over time—their monolithic nature means security updates can break your application. Middle's architectural approach minimizes this problem. Security is handled by focused libraries that update independently, while your business logic remains protected behind stable interfaces.

The result: A framework with virtually no inherent security vulnerabilities and a security posture that improves over time as underlying libraries mature.

Composition Over Framework Lock-in

Middle doesn't compete with mature frameworks - it lets you compose their proven components on your terms. Instead of accepting a framework's architectural decisions, you define your own interfaces and adapt battle-tested libraries to fit your domain.

This approach delivers:

• Library Independence: Replace Doctrine with another ORM by implementing your interface
• Domain Clarity: Your interfaces reflect business needs, not library abstractions
• Future-Proof Evolution: Library updates only require adapter changes, not application rewrites
• Focused Testing: Mock exactly what your application needs, not complex library interfaces

You get mature, battle-tested components (Symfony Routing, Laminas Diactoros) with complete architectural control.

How It Works

Middle is built around the middleware pipeline pattern. Your application is a stack of middleware that processes requests in LIFO (last in, first out) order:

Each middleware gets a chance to:

• Modify the incoming request
• Pass control to the next middleware
• Modify the outgoing response

Getting Started

Check out the Middle skeleton application for a complete example setup.

Minimal Setup

Processing Requests

At its heart, Middle's ApplicationStackInterface takes a PSR-7 ServerRequestInterface and returns a ResponseInterface. Running your application follows this simple pattern:

This separation makes testing trivial and allows you to process requests from any source (CLI, queue workers, etc.).

Adding Routes

Routes are added directly to the router instance using HTTP method helpers:

Adding Functionality

Middle grows by composition. Need sessions? Add session middleware:

Need error handling? Add error middleware:

Advanced Features

Request Validation and Filtering

Controllers can implement RequestFilterInterface and RequestValidatorInterface to handle input filtering and validation automatically:

The processing order is: Filter → Validate → Execute. This ensures validation always runs on clean data.

Templating with Views

Middle provides a clean abstraction for rendering responses:

Custom Exception Handling

Middle includes HTTP-aware exceptions that map to proper response codes:

Core Components

Middle provides several key interfaces and implementations that handle common application needs:

Session Management

The SessionProcessorInterface provides a clean abstraction for session handling:

The session processor adds a SessionInterface instance to the request's 'session' attribute:

Routing

The RouterInterface abstracts routing logic and provides reverse URL generation:

You can organize routes using RoutingProviderInterface:

Request Processing Middleware

Middle includes several middleware for common request processing needs:

These middleware automatically detect when controllers implement the corresponding interfaces and apply the appropriate processing.

Dependency Injection Integration

Middle works excellently with DI containers. Here's an example with Pimple:

When to Choose Middle

Middle is ideal when you:

• Value long-term maintainability over short-term convenience
• Want to build your team's standard architecture
• Want explicit, traceable request flow
• Need confidence when refactoring or extending functionality
• Prefer composition over inheritance
• Want every component to be easily testable
• Are building applications that will be maintained by teams over time

Middle might not be for you if:

• You need to prototype very quickly
• You prefer convention over configuration
• You want a large ecosystem of plug-and-play components
• You're building simple, short-lived applications

Requirements

• PHP 8.3+
• PSR-7 implementation (like Laminas Diactoros)
• Symfony Routing component (for the included router)

Note: All examples use Laminas Diactoros, but any PSR-7 compatible library will work.

Middle Framework: Explicit. Replaceable. Safe.