Release Notes

Version history for the Melodic PHP Framework. Each release is tagged in the melodic-php repository.

v1.7.2 latest

March 15, 2026

Include Claude Code assets in Composer distribution

  • The .claude/ directory (agents and skills) is now included in the Composer dist package, so claude:install works immediately after composer require

v1.7.1

March 15, 2026

Update documentation for Claude Code integration

  • Updated framework docs to cover the claude:install command, agents, and skills

v1.7.0

March 15, 2026

Add Claude Code agents, skills, and claude:install command

  • New claude:install CLI command installs Melodic-specific Claude Code agents and skills into your project
  • Includes melodic-expert agent for framework architecture, patterns, and debugging assistance
  • Includes three skills: /melodic:scaffold-app, /melodic:scaffold-resource, and /melodic:add-middleware
  • Generates a CLAUDE.md project template with framework conventions, naming patterns, and architecture overview
  • Run vendor/bin/melodic claude:install in any Melodic project to get started

v1.6.0

March 15, 2026

Add toPascalArray() and toUpdateArray() to Model

  • toPascalArray() returns all initialized public properties with their original PascalCase names and converts booleans to integers for PDO compatibility — ideal for INSERT parameter arrays
  • toUpdateArray() returns only non-null initialized properties with PascalCase keys and boolean-to-int conversion — ideal for partial UPDATE parameter arrays where null means “not provided”

v1.5.1

March 11, 2026

Fix DbContext hydration and documentation improvements

  • Fix DbContext::hydrate() to correctly handle stdClass result rows
  • Add route registration examples to model binding documentation

v1.5.0

March 10, 2026

Add automatic request model binding with validation

  • Controller action parameters typed as a Model subclass are now automatically hydrated from the request body and validated by the RoutingMiddleware
  • If validation fails, a 400 JSON response with field-keyed errors is returned before the controller action is called
  • Route parameters (e.g. $id from /users/{id}) and model parameters work together — route params are matched by name first
  • Uses ReflectionMethod to inspect action parameters, Model::fromArray() for hydration, and the DI-resolved Validator for validation
  • Expanded test coverage with 20+ new test classes covering controllers, middleware, routing, security, data, views, logging, and more

v1.4.0

March 1, 2026

Add refresh token support with rotation and reuse detection

  • RefreshToken model with family-based token chains and generation tracking
  • RefreshTokenService for creating, validating, and rotating tokens — automatically revokes the entire token family on reuse detection
  • RefreshTokenRepositoryInterface that consuming apps implement for storage (find, store, revoke by family/user, delete expired)
  • RefreshTokenMiddleware reads the token from an HTTP-only cookie, validates it, and sets refreshToken and refreshTokenUserId request attributes
  • RefreshTokenCookieHelper for setting and clearing the secure, HTTP-only refresh token cookie
  • RefreshTokenConfig with configurable lifetime (default 7 days), cookie name, domain, path, secure flag, and SameSite policy
  • SecurityServiceProvider auto-registers all refresh token services when security.refreshToken config is present

v1.3.2

February 28, 2026

Serialize Model properties as camelCase JSON

  • Model now implements JsonSerializable and converts PascalCase PHP properties to camelCase in toArray() and json_encode() output
  • fromArray() accepts both PascalCase (DB) and camelCase (frontend) input

v1.3.1

February 28, 2026

Fix Response with*() methods breaking subclasses

  • Use clone instead of new self() so with*() methods preserve the actual subclass type (e.g. JsonResponse)
  • Remove readonly from constructor properties to allow mutation on cloned instances
  • Return static instead of self

v1.3.0

February 28, 2026

Add environment configuration support

  • Layered config loading: config.jsonconfig.{APP_ENV}.jsonconfig.dev.json
  • New loadEnvironmentConfig() method on Application replaces manual loadConfig() + file_exists pattern
  • New make:config CLI command for generating config files
  • Updated project scaffolding with QA/PD config stubs

v1.2.0

February 27, 2026

Add full project type as default with MVC + API routing

  • Default make:project type is now “full”, generating both MVC views with a HomeController and API route scaffolding
  • Use --type=api or --type=mvc for single-purpose projects

v1.1.1

February 27, 2026

Centralized version tracking

  • Add Framework::VERSION as single source of truth for the package version
  • Console class now reads the version automatically instead of a hardcoded default
  • Updated PUBLISHING.md with the new release workflow

v1.1.0

February 27, 2026

Add project and entity scaffolding CLI

  • New bin/melodic CLI with make:project and make:entity commands
  • make:project creates API or MVC project with composer.json, config, public entry point, service provider, and directory scaffolding
  • make:entity generates 8 files per entity: DTO model, 2 queries, 3 commands, service, and API controller
  • Add Stub utility for template rendering and case conversion
  • 38 tests covering all new functionality

v1.0.1

February 18, 2026

Security fix: upgrade firebase/php-jwt

  • Upgrade firebase/php-jwt to ^7.0 to resolve Packagist security advisory (PKSA-y2cr-5h3j-g3ys)
  • The entire v6.x line was flagged, causing Composer to block installation
  • Fix phpstan.neon exclude path for removed example directory
Security advisory: If you are on v1.0.0, upgrade to v1.0.1 or later to resolve the firebase/php-jwt vulnerability.

v1.0.0

February 18, 2026

Initial public release

  • Published as melodicdev/framework on Packagist
  • CQRS data access with Query and Command objects via DbContext
  • Auto-wiring dependency injection container with interface bindings and service providers
  • PSR-15-style middleware pipeline (CORS, authentication, body parsing)
  • JWT authentication with OIDC, OAuth2, and local providers
  • MVC views with layouts, sections, and ViewBag
  • Attribute-based DTO validation
  • Centralized exception handling with JSON/HTML detection
  • PHP 8.2+ with modern language features throughout

Stay up to date

Follow the repository for new releases, or get started with the latest version today.

Get Started GitHub
Built with Melodic PHP Frameworkmelodic.dev