What is Ecotone Framework?

Ecotone is the PHP framework for durable workflows, event sourcing, Domain-Driven Design, reliable messaging, and asynchronous communication — one Composer package that adds sagas, orchestrators, aggregates, projections, outbox, retries, and CQRS to Laravel or Symfony through declarative PHP attributes. It runs on the database and broker you already operate; no separate workflow service, no replay-deterministic DSL, no engine-specific event log.

Do I need Temporal or a separate workflow engine to build durable workflows in PHP?

No. Ecotone delivers durable execution on the database and broker you already run. Sagas persist state per identifier, chained workflows survive crashes through the outbox plus async channel, saga timeouts use a #[Delayed] attribute, and Orchestrators (Enterprise) give declarative multi-step workflows. There is no separate cluster to operate, no RoadRunner or ext-grpc requirement, no replay-deterministic DSL — workflows are plain PHP classes with attributes. If you have already adopted Temporal, Ecotone still fits around it for CQRS, projections, distributed messaging, multi-tenant routing, and sagas that aren't full workflows.

Which message brokers does Ecotone work with?

RabbitMQ, Apache Kafka, Amazon SQS, Redis, and the database (DBAL outbox) are first-party — and Ecotone also integrates with Enqueue transports, Symfony Messenger transports, and Laravel Queue channels. Handler code is broker-agnostic: a single #[Asynchronous('channel')] attribute works the same across every transport. CombinedMessageChannel writes the message to the database for the outbox guarantee and dispatches execution on the broker, so outbox draining stays on the database and consumers scale horizontally on RabbitMQ / SQS / Kafka.

Can I use Ecotone with Laravel or Symfony?

Yes. Ecotone ships dedicated packages for both Laravel and Symfony that make integration seamless. After installation, Command, Event, and Query buses are available out of the box in the dependency container — and for any other framework, Ecotone Lite provides a standalone integration via PSR-11.

Do I need to rewrite my application to use Ecotone?

No. Ecotone works alongside your existing application — you adopt it incrementally for the parts where messaging, sagas, event sourcing, or distributed messaging make sense, without rewriting what already works. Ecotone sits above Symfony Messenger and Laravel Queues, using them as transports underneath rather than replacing them.

Why pick Ecotone over Spatie laravel-event-sourcing, EventSauce, or Patchlevel for event sourcing?

Ecotone provides a built-in event store on PostgreSQL or MySQL with #[EventSourcingAggregate], #[ProjectionV2] for read models (global, partitioned, or streaming), default-on gap detection so concurrent-transaction events aren't silently skipped, projection emission via EventStreamEmitter with rebuild auto-suppression, and end-to-end PII encryption across the event store, broker payloads, and structured logs. Compared to Spatie laravel-event-sourcing (Laravel-only, single-process rebuild, no gap detection), EventSauce (no subscription engine, shared-envelope dispatch), and Patchlevel event-sourcing (single-cursor per projection, encryption stops at the event-store boundary), Ecotone covers the operational axes that matter for high-volume event-sourced systems.

Does Ecotone support building systems following Domain-Driven Design?

Ecotone's vocabulary is DDD vocabulary: #[Aggregate], Repository abstraction, #[Saga] as process managers, bounded-context isolation via the Distributed Bus, and Domain Events as first-class plain PHP classes. Where each building block is fully decoupled from the framework using declarative configuration. Ecotone is the only framework that makes DDD build blocks easily composable in Message-Driven systems, to not only ensure clear business logic, but to make the system build on top of reliable architecture.

Credit Card Systems on Ecotone

A declined transaction is an inconvenience. A lost transaction is an audit finding. Every authorize, capture, refund, and chargeback has to be reconstructable, replayable, and indistinguishable to the regulator from the original — long after the worker that wrote it has been replaced twice.

Audit trail & state rebuild — full guide Install Ecotone

Composer package · Laravel or Symfony · PostgreSQL or MySQL · RabbitMQ, Kafka, SQS, Redis, or DBAL outbox

In production

Challenges and how Ecotone solves them

"How did we end up here? What was this transaction's state on the day of the dispute?"

Six weeks after the charge, a chargeback lands. The customer says they were charged twice; the operations team is sure they weren't. The merchant report from that day shows one capture; today's analytics dashboard shows two. A row-update model can answer "what's true now?" — it cannot answer "what was true at 14:03 on the day in question, and what changed it?". With event sourcing the question dissolves: replay the stream for the transaction id up to the disputed timestamp, and the state is reconstructed exactly as it was.

CardTransaction.php

// CardTransaction.php — an event-sourced aggregate as a plain final class

use Ecotone\Modelling\Attribute\Aggregate;
use Ecotone\Modelling\Attribute\Identifier;
use Ecotone\Modelling\Attribute\EventSourcingHandler;
use Ecotone\EventSourcing\Attribute\EventSourcingAggregate;

#[EventSourcingAggregate]
final class CardTransaction
{
    #[Identifier] public string $transactionId;
    private int $authorizedAmount;
    private int $capturedAmount;
    private TransactionStatus $status;

    #[CommandHandler]
    public static function authorize(AuthorizeTransaction $cmd): array
    {
        return [new TransactionAuthorized($cmd->transactionId, $cmd->amount)];
    }

    #[CommandHandler]
    public function capture(CaptureTransaction $cmd): array
    {
        if ($cmd->amount > $this->authorizedAmount - $this->capturedAmount) {
            throw new CaptureExceedsAuthorization();
        }
        return [new TransactionCaptured($cmd->transactionId, $cmd->amount)];
    }

    #[EventSourcingHandler]
    public function applyAuthorized(TransactionAuthorized $e): void
    {
        $this->transactionId    = $e->transactionId;
        $this->authorizedAmount = $e->amount;
        $this->status           = TransactionStatus::Authorized;
    }

    #[EventSourcingHandler]
    public function applyCaptured(TransactionCaptured $e): void
    {
        $this->capturedAmount += $e->amount;
    }
}

Chargeback inquiry: "what was the state of transaction X at 14:03 on 14 March?"→Replay the event stream for that transactionId up to the timestamp. The aggregate is reconstructed deterministically — every authorize, capture, refund, and chargeback in commit order.

A new chargeback business rule is deployed→Update the #[EventSourcingHandler]. The next time the aggregate loads, events replay through the corrected logic — no historical-data migration, no state-divergence question.

Analytics team needs a historical view of refund rates by week→A projection derives the read model from the events. The events stay the source of truth; new projections can be added without touching the transaction stream.

"Two operators captured the same transaction at the same time"

Optimistic-lock collisions are the price of concurrent writes against a versioned aggregate. The right answer is almost never "fail the second user" — it's "retry the command in the same call stack and let the second pass succeed against the now-updated state". Ecotone's #[InstantRetry] makes this declarative and bounded — no try/catch loop in the handler, no risk of the retry escaping to the broker and re-running siblings.

PaymentCommandBus.php

// PaymentCommandBus.php — instant retry on the exceptions that benefit from retry, fail-fast on the rest

#[InstantRetry(
    retryTimes: 3,
    exceptions: [
        OptimisticLockingException::class,    // version conflict — retry resolves it
        DatabaseConnectionFailure::class,     // transient — retry resolves it
    ],
)]
interface PaymentCommandBus extends CommandBus {} // Ecotone Enterprise — declared once on the bus

Two threads call capture simultaneously on the same transactionId→The first commits, the second hits OptimisticLockingException, #[InstantRetry] reloads the aggregate, the second capture validates against the now-updated capturedAmount and either succeeds or fails on the business rule — which is the correct outcome.

A transient connection drop hits the second capture→Retried in the same call stack, no broker traffic, no sibling handler is re-run.

A non-retryable exception (e.g. CaptureExceedsAuthorization) is thrown→Fails immediately, no retries — the business rule violation is surfaced to the operator without a stall.

"Two transactions committed in concurrent transactions — our projection skipped one of them"

Events committed in concurrent database transactions can be re-ordered relative to their commit timestamps — a transaction that started earlier may commit later. A projection that reads the visible event with the higher position and advances its cursor past the gap will silently skip the late-committing event forever. In a credit-card audit, "silently" is the operative word — nobody notices until the regulator does.

TransactionLedgerProjection.php

// TransactionLedgerProjection.php — gap-aware position is on by default

use Ecotone\Projecting\Attribute\Projection;
use Ecotone\Modelling\Attribute\EventHandler;

#[Projection('transaction_ledger', fromStreams: ['card_transactions'])]
final class TransactionLedgerProjection
{
    public function __construct(private LedgerWriter $ledger) {}

    #[EventHandler]
    public function onAuthorized(TransactionAuthorized $event): void
    {
        $this->ledger->recordAuthorization($event);
    }

    #[EventHandler]
    public function onCaptured(TransactionCaptured $event): void
    {
        $this->ledger->recordCapture($event);
    }
}

A long-running transaction commits its events after a faster transaction that started later→Ecotone records the gap in the position sequence and keeps advancing on the visible events. When the missing event becomes visible, the projection picks it up and applies it then — non-blocking, but the late commit is never silently dropped.

Re-deploying with a schema change to the projection→Blue-green rebuild on a new projection version; the new version backfills in parallel while the old one serves queries; atomic flip when ready.

Live projection fell behind during an outage→The projection is trigger-based; on the next run it reads from its last committed position and catches up automatically — no manual reset, no backfill script.

What Ecotone provides

Capabilities relevant to credit card systems

Event Sourcing & Projections

Store events, not state. Aggregates, projections, replay, snapshotting. Partitioned + streaming projections so rebuilds parallelize across workers and catch up in real time — no single-process bottleneck.

End-to-end PII Protection

One #[Sensitive] attribute encrypts a field in the event store, on the wire over RabbitMQ / SQS / Redis / Kafka / DBAL outbox, and in your structured logs — because all serialization flows through one shared conversion pipeline.

Resilience Defaults

Transactional outbox, DBAL dead-letter queue with replay, retries with exponential backoff, deduplication, OpenTelemetry on every handler — default behaviour, not assembly required.

Self-Healing Projections

Projections are trigger-based: on every run they read from the Event Store at their last committed position. Crash at event #42? Fix the bug, deploy, and the projection catches up automatically — no manual reset, no backfill script.

Blue-Green Projection Rebuild

Rebuild a projection on a new version in parallel — concurrent async backfill partitioned by aggregate ID scales rebuilds to millions of events across N workers. The live projection keeps serving queries until the atomic flip.

Read the Credit Card Systems guide

Frequently asked questions

Haven’t found what you’re looking for? Contact us

No. The event store is a table in your PostgreSQL or MySQL — the same database your other Ecotone modules use. No separate cluster to operate, no foreign storage to back up. Your DBA's existing playbook covers the event store.

Snapshots solve that: Ecotone supports per-aggregate snapshots so a long-lived transaction history doesn't have to replay every event from zero on each load. The snapshot cadence is configurable per aggregate.

#[Sensitive] provides field-level encryption with key management — the cryptographic primitive that PCI requires. PCI compliance is end-to-end (network, access controls, audit logging, key custody), and #[Sensitive] is the application-layer encryption piece of that picture. The key-deletion crypto-shred property is what makes data subject deletion possible without rewriting history.

Streaming projections consume from Kafka or RabbitMQ Streams instead of the database table — the storage choice is per stream, not global. Hot streams can move to a stream broker without changing the aggregate code.

Be part of the change with Ecotone

Unleash the power of Messaging in PHP
and push productivity to the higher level

Get started