A modern, production-ready API standard for PHP that combines the best of REST and GraphQL.

• 🚀 Hybrid API Standard - Combines REST's HTTP fidelity with GraphQL's relational flexibility
• 🔒 Built-in Security - Complexity analysis, depth limiting, field authorization
• 🗄️ Multi-ORM Support - Works with Eloquent and Doctrine via adapter pattern
• ⚡ N+1 Prevention - Automatic query batching and data loading
• 🎯 Framework Agnostic - Core library works standalone or with Laravel/Symfony
• 📝 Type Safe - 13 built-in scalar types with comprehensive validation
• 🔧 Developer Friendly - CLI tools, schema export, query validation

composer require qsd/qsd

// config/app.php 'providers' => [ QSD\Integrations\Laravel\QSDServiceProvider::class, ], // Publish configuration php artisan vendor:publish --tag=qsd-config

// config/bundles.php return [ QSD\Integrations\Symfony\QSDBundle::class => ['all' => true], ];

use QSD\Core\Resource\Resource; use QSD\Core\Resource\Field; $userResource = new Resource('User', [ new Field('id', 'ID'), new Field('name', 'String'), new Field('email', 'Email'), new Field('posts', 'Post', isRelation: true, isList: true), ]); $postResource = new Resource('Post', [ new Field('id', 'ID'), new Field('title', 'String'), new Field('content', 'String'), new Field('author', 'User', isRelation: true), ]);

use QSD\Core\Parser\Parser; use QSD\Core\Tokenizer\Tokenizer; use QSD\Core\Execution\QueryExecutor; // Parse query $tokenizer = new Tokenizer('get user { id: 1 }'); $tokens = $tokenizer->tokenize(); $parser = new Parser($tokens); $ast = $parser->parse(); // Execute $executor = new QueryExecutor($registry, $dataFetcher); $result = $executor->execute($ast, $context);

// Automatic route registration at /qsd POST /qsd { "query": "get user { id: 1, fields: [name, email] }" }

get user { id: 1 } 

list user { fields: [id, name, email], limit: 10, offset: 0 } 

create post { title: "Hello World", content: "My first post" } 

update user { id: 1, name: "John Doe" } 

delete post { id: 1 } 

get user { id: 1, fields: [name, email], with posts { fields: [title, content] } } 

list user { aggregate { total: count(id), avgAge: avg(age) } } 

┌─────────────────────────────────────────────────────┐ │ HTTP Layer │ │ Request → Middleware → Handler → Response │ └─────────────────────────────────────────────────────┘ ↓ ┌─────────────────────────────────────────────────────┐ │ Security & Validation │ │ Complexity → Depth → Authorization → Validation │ └─────────────────────────────────────────────────────┘ ↓ ┌─────────────────────────────────────────────────────┐ │ Query Processing │ │ Tokenizer → Parser → AST → Executor │ └─────────────────────────────────────────────────────┘ ↓ ┌─────────────────────────────────────────────────────┐ │ Data Layer │ │ ORM Adapter → DataLoader → Cache │ └─────────────────────────────────────────────────────┘ 

• Tokenizer - Lexical analysis
• Parser - Syntax analysis and AST generation
• Executor - Query execution engine

• 13 scalar types (ID, String, Int, Float, Boolean, Email, URL, Date, DateTime, Time, JSON, UUID, Enum)
• Custom validation rules
• Type coercion

• Resource definitions
• Field configuration
• CRUD capabilities
• Relation management

• Complexity analysis
• Depth limiting
• Cost calculation
• Role-based authorization
• Field-level permissions

• Eloquent adapter (Laravel)
• Doctrine adapter (Symfony)
• DataLoader (N+1 prevention)
• Relation resolvers
• Query batching

• Request/Response handling
• Middleware system
• CORS support
• Content negotiation
• Error formatting

# Laravel php artisan qsd:schema:export --format=json php artisan qsd:schema:export --format=markdown --output=schema.md # Standalone $exporter = new SchemaExporter($registry); echo $exporter->toMarkdown();

# Laravel php artisan qsd:validate "get user { id: 1 }" php artisan qsd:validate --file=query.qsd # Standalone $validator = new QueryValidator($parser, $registry); $result = $validator->validate('get user { id: 1 }');

return [ 'debug' => env('QSD_DEBUG', false), 'resources' => [ // Register resources ], 'models' => [ 'User' => \App\Models\User::class, ], 'security' => [ 'enabled' => true, 'max_complexity' => 1000, 'max_depth' => 10, ], 'route' => [ 'enabled' => true, 'path' => '/qsd', 'middleware' => ['api'], ], ];

qsd: debug: '%kernel.debug%' security: enabled: true max_complexity: 1000 max_depth: 10 route: enabled: true path: /qsd

composer test

All 336 tests passing with 954 assertions.

• Query Batching - Automatic N+1 prevention
• DataLoader - Request-scoped caching
• Query Caching - Configurable result caching
• Complexity Limits - Prevents expensive queries

• Depth Limiting - Prevents deeply nested queries
• Complexity Analysis - Resource usage estimation
• Cost Calculation - Rate limiting support
• Field Authorization - Role-based access control
• Input Validation - Type-safe with validation rules

• PHP 8.2 or higher
• Composer

• Laravel 10+ (for Laravel integration)
• Symfony 6+ (for Symfony integration)
• Doctrine ORM (for Doctrine adapter)

MIT License - see LICENSE file for details

Contributions are welcome! Please see CONTRIBUTING.md for details.

Built with Claude Code