What is Ecotone Framework?

Ecotone is the PHP framework for durable workflows, event sourcing, Domain-Driven Design, reliable messaging, and asynchronous communication — one Composer package that adds sagas, orchestrators, aggregates, projections, outbox, retries, and CQRS to Laravel or Symfony through declarative PHP attributes. It runs on the database and broker you already operate; no separate workflow service, no replay-deterministic DSL, no engine-specific event log.

Do I need Temporal or a separate workflow engine to build durable workflows in PHP?

No. Ecotone delivers durable execution on the database and broker you already run. Sagas persist state per identifier, chained workflows survive crashes through the outbox plus async channel, saga timeouts use a #[Delayed] attribute, and Orchestrators (Enterprise) give declarative multi-step workflows. There is no separate cluster to operate, no RoadRunner or ext-grpc requirement, no replay-deterministic DSL — workflows are plain PHP classes with attributes. If you have already adopted Temporal, Ecotone still fits around it for CQRS, projections, distributed messaging, multi-tenant routing, and sagas that aren't full workflows.

Which message brokers does Ecotone work with?

RabbitMQ, Apache Kafka, Amazon SQS, Redis, and the database (DBAL outbox) are first-party — and Ecotone also integrates with Enqueue transports, Symfony Messenger transports, and Laravel Queue channels. Handler code is broker-agnostic: a single #[Asynchronous('channel')] attribute works the same across every transport. CombinedMessageChannel writes the message to the database for the outbox guarantee and dispatches execution on the broker, so outbox draining stays on the database and consumers scale horizontally on RabbitMQ / SQS / Kafka.

Can I use Ecotone with Laravel or Symfony?

Yes. Ecotone ships dedicated packages for both Laravel and Symfony that make integration seamless. After installation, Command, Event, and Query buses are available out of the box in the dependency container — and for any other framework, Ecotone Lite provides a standalone integration via PSR-11.

Do I need to rewrite my application to use Ecotone?

No. Ecotone works alongside your existing application — you adopt it incrementally for the parts where messaging, sagas, event sourcing, or distributed messaging make sense, without rewriting what already works. Ecotone sits above Symfony Messenger and Laravel Queues, using them as transports underneath rather than replacing them.

Why pick Ecotone over Spatie laravel-event-sourcing, EventSauce, or Patchlevel for event sourcing?

Ecotone provides a built-in event store on PostgreSQL or MySQL with #[EventSourcingAggregate], #[ProjectionV2] for read models (global, partitioned, or streaming), default-on gap detection so concurrent-transaction events aren't silently skipped, projection emission via EventStreamEmitter with rebuild auto-suppression, and end-to-end PII encryption across the event store, broker payloads, and structured logs. Compared to Spatie laravel-event-sourcing (Laravel-only, single-process rebuild, no gap detection), EventSauce (no subscription engine, shared-envelope dispatch), and Patchlevel event-sourcing (single-cursor per projection, encryption stops at the event-store boundary), Ecotone covers the operational axes that matter for high-volume event-sourced systems.

Does Ecotone support building systems following Domain-Driven Design?

Ecotone's vocabulary is DDD vocabulary: #[Aggregate], Repository abstraction, #[Saga] as process managers, bounded-context isolation via the Distributed Bus, and Domain Events as first-class plain PHP classes. Where each building block is fully decoupled from the framework using declarative configuration. Ecotone is the only framework that makes DDD build blocks easily composable in Message-Driven systems, to not only ensure clear business logic, but to make the system build on top of reliable architecture.

Certification Authorities on Ecotone

Your product is a chain of trust that has to hold up for twenty years. An auditor wants to know which certificate was valid on which Tuesday and which committee approved which revocation — and the answer cannot depend on a database UPDATE that one of your engineers got right.

Event Sourcing — full guide Install Ecotone

Composer package · Laravel or Symfony · PostgreSQL or MySQL · RabbitMQ, Kafka, SQS, Redis, or DBAL outbox

In production

Challenges and how Ecotone solves them

"The regulator wants the full lifecycle of certificate X, with timestamps"

A row-based "current state" table cannot answer the question "what was certificate X's state at 09:00 on 14 March 2023, and what changed it on that day". Reconstructable lifecycle is what the regulator is testing — not the current status column.

Certificate.php

// Certificate.php — every lifecycle decision is an event committed atomically

use Ecotone\EventSourcing\Attribute\EventSourcingAggregate;
use Ecotone\Modelling\Attribute\EventSourcingHandler;
use Ecotone\Modelling\Attribute\Identifier;

#[EventSourcingAggregate]
final class Certificate
{
    #[Identifier] public string $serialNumber;
    private CertificateStatus $status;
    private ?\DateTimeImmutable $revokedAt = null;

    #[CommandHandler]
    public static function issue(IssueCertificate $cmd): array
    {
        return [new CertificateIssued(
            $cmd->serialNumber, $cmd->subject, $cmd->validFrom, $cmd->validTo
        )];
    }

    #[CommandHandler]
    public function revoke(RevokeCertificate $cmd): array
    {
        if ($this->status === CertificateStatus::Revoked) {
            return []; // idempotent revoke — no duplicate event
        }
        return [new CertificateRevoked($this->serialNumber, $cmd->reason, $cmd->at)];
    }

    #[EventSourcingHandler] public function onIssued(CertificateIssued $e): void { /* ... */ }
    #[EventSourcingHandler] public function onRevoked(CertificateRevoked $e): void { /* ... */ }
}

Regulator asks for the lifecycle of serialNumber: 0xABC...→Replay the stream for that aggregate. The events are the audit trail, in commit order, with timestamps.

A bug is found in the lifecycle policy→Fix the command handler and redeploy. History remains untouched; future commands behave correctly. Past events do not need migration.

Cross-team analytics need a current-state view→A #[Projection] derives the read model from the events. The events remain the source of truth.

"We revoked a certificate yesterday, but the CRL feed still says it's valid"

Two operators committed nearly simultaneously — one issuing a fresh certificate, one revoking an existing one. The revocation transaction started first but committed a few milliseconds later, because writing to the audit table took longer than the simpler issuance. A naive projection reads the visible event with the higher position, advances its cursor past the missing one, and never goes back. The revoked certificate stays "valid" in every downstream consumer that trusts the projection — the CRL feed, the OCSP responder, the internal dashboard. The revocation reached the audit table, but the world never found out.

CertificateStatusProjection.php

// CertificateStatusProjection.php — gap-aware position is the default for #[Projection]

use Ecotone\Projecting\Attribute\Projection;

#[Projection('certificate_status', fromStreams: ['certificates'])]
final class CertificateStatusProjection
{
    public function __construct(private CertificateReadModel $readModel) {}

    #[EventHandler]
    public function onIssued(CertificateIssued $e): void
    {
        $this->readModel->upsert($e->serialNumber, CertificateStatus::Valid, $e->validFrom);
    }

    #[EventHandler]
    public function onRevoked(CertificateRevoked $e): void
    {
        $this->readModel->setRevoked($e->serialNumber, $e->reason, $e->at);
    }
}

The slower revoke commit lands seconds after the projection has already advanced→Ecotone records the gap and keeps the projection moving on the events it can see. The moment the revocation becomes visible, the projection picks it up and applies it — the CRL flips to revoked, no manual reset needed.

Schema change to the read model→Blue-green rebuild — the new projection version backfills in parallel; an atomic flip cuts over with no downtime; the old projection keeps serving until then.

Projection downtime during a power outage→On restart, the projection reads its last committed position and replays from there. No manual catch-up.

"Subject DN contains PII we need to crypto-shred on subject erasure request"

Subject distinguished names (DNs) and contact attributes inside certificate metadata are PII. GDPR Article 17 grants the subject a right to erasure. Erasing rows from an event-sourced store would break the audit trail (and is the wrong shape architecturally). Crypto-shred — delete the encryption key, the ciphertext becomes unreadable — preserves the audit (the event still exists, in its place in the chain) while satisfying the erasure obligation.

CertificateIssued.php

// CertificateIssued.php — PII fields are sensitive; the rest of the event stays auditable

use Ecotone\DataProtection\Attribute\Sensitive;
use Ecotone\DataProtection\Attribute\WithEncryptionKey;

#[WithEncryptionKey(expression: "headers['subjectId']")]
final readonly class CertificateIssued
{
    public function __construct(
        public string $serialNumber,
        #[Sensitive] public string $subjectDistinguishedName,
        #[Sensitive] public string $subjectEmail,
        public \DateTimeImmutable $validFrom,
        public \DateTimeImmutable $validTo,
    ) {}
}

Subject exercises right to erasure→Delete the subject's encryption key. The subjectDistinguishedName and subjectEmail fields on every event referencing the subject become unreadable in the event store, in the broker payloads, and in the structured logs — because all three serialize through the same conversion pipeline.

Regulator asks for the chain→The certificate's serial number, validity window, and revocation status remain readable. The PII fields are ciphertext — present in the chain, redacted in content.

Key rotation→Re-encrypt with the new key on the next event; old events use the previous key. #[WithEncryptionKey(expression: …)] resolves the key from the subject id at write time.

What Ecotone provides

Capabilities relevant to certification authorities

Event Sourcing & Projections

Store events, not state. Aggregates, projections, replay, snapshotting. Partitioned + streaming projections so rebuilds parallelize across workers and catch up in real time — no single-process bottleneck.

Self-Healing Projections

Projections are trigger-based: on every run they read from the Event Store at their last committed position. Crash at event #42? Fix the bug, deploy, and the projection catches up automatically — no manual reset, no backfill script.

Projections That Emit Events

A projection can emit a downstream event the moment it applies a change — sagas, event handlers, and other projections subscribe via the normal #[EventHandler]. Rebuild a projection? Emission is automatically suppressed, so downstream consumers aren't flooded with duplicate historical events while the read model catches up.

End-to-end PII Protection

One #[Sensitive] attribute encrypts a field in the event store, on the wire over RabbitMQ / SQS / Redis / Kafka / DBAL outbox, and in your structured logs — because all serialization flows through one shared conversion pipeline.

Compose Patterns Without Glue

Aggregate publishes event. Saga subscribes by attribute. Projection subscribes by attribute. Async handler subscribes by attribute. The attribute is the wiring.

Read the Certification Authorities guide

Frequently asked questions

Haven’t found what you’re looking for? Contact us

Every state-changing command on a certificate aggregate produces one or more events committed atomically with the aggregate version bump. The store is append-only by design; there is no UPDATE path that can erase the history. The regulator's question and the engineer's question are answered by the same query against the same table.

Yes. The event store is your PostgreSQL or MySQL — the same database your operations team already backs up. No vendor cluster lock-in, no foreign storage format to read back in a decade. Snapshots help loading speed; the events themselves stay.

Add the new #[CommandHandler] and #[EventSourcingHandler]. Replay the affected aggregates against the new rules — Ecotone supports event versioning and upcasting so a renamed field or restructured payload remains readable.

Yes. EventStreamEmitter inside a projection handler publishes a downstream event onto the event bus; sagas and event handlers subscribe via the normal #[EventHandler]. Critically, emission is auto-suppressed during a projection rebuild — downstream consumers are not flooded with historical duplicates on backfill.

Be part of the change with Ecotone

Unleash the power of Messaging in PHP
and push productivity to the higher level

Get started