First steps
Structure
Requests
Database
Forms
Widgets
Security
Date
SEO
Money
Image
Misc

Krystal Framework

Modern. Lightweight. Developer-first PHP framework.

Krystal Framework is designed for developers who want a clean, efficient, and productive environment without unnecessary complexity.

Why Krystal?

Extremely simple and intuitive API

Predictable naming, minimal boilerplate, and clear conventions let you focus on building features instead of fighting the framework.

Clean MVC architecture β€” done right

Straightforward controllers, views, and dynamic routing. No heavy ORM or ActiveRecord. Lightweight Data Mappers + Service objects encourage clean separation of concerns, testability, and maintainable code.

All essential tools included out of the box

  • Logging, caching, validation, form handling, pagination, flash messages, data mappers, SEO helpers.
  • Image processing (resize, crop, thumbnails, AVIF/WebP conversion, batch optimization)
  • And many other common tools β€” no need for dozens of third-party packages.

Built-in code generator

Quickly scaffold controllers, services, forms, migrations, admin CRUD interfaces, and more.

Minimal footprint

Small core size (~2 MB), fast boot time, very few dependencies. Performs well even in resource-constrained environments.

Clear and concise documentation

Straightforward examples, no overwhelming walls of text β€” easy to get started and productive quickly.

Who is Krystal for?

  • Developers who value simplicity and speed of development
  • Small to medium-sized projects, MVPs, internal tools, admin panels, and APIs
  • Teams that prefer explicit, maintainable code over heavy abstractions
  • Anyone building modern PHP applications (PHP 8.2+) without framework fatigue

License

Licensed under the BSD-3-Clause License.

Contributing

Fork the repo, create a feature branch, make your changes, push the branch, and open a pull request.

Security vulnerabilities

If you believe you have discovered a security vulnerability in Krystal Framework, please help us keep our users safe by following responsible disclosure practices.

Do not report security issues via public GitHub issues, pull requests, discussions, or any other public channels β€” this could expose users before a fix is available.

How to report a vulnerability

Please send a detailed report privately to the project maintainer:

Email: contact@krystal-framework.dev

Include the following in your report (the more details, the faster we can respond and verify):

  • A clear description of the vulnerability
  • Steps to reproduce (PoC code / script is extremely helpful)
  • Affected versions / components
  • Potential impact (e.g. XSS, SQL injection, RCE, privilege escalation, data leak…)
  • Any suggested mitigation or fix (optional but very appreciated)
  • Your name/handle and contact info (if you want credit / acknowledgment)

Table of Contents