PHPackages ariedeha/xctx - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. ariedeha/xctx ActiveLibrary[HTTP & Networking](/categories/http) ariedeha/xctx ============= Cross Context - Encrypted, signed, typed context propagation over a single HTTP header. 0.3.2(6mo ago)01Apache-2.0GoPHP >=8.2 Since Oct 24Pushed 6mo agoCompare [ Source](https://github.com/ArieDeha/xctx)[ Packagist](https://packagist.org/packages/ariedeha/xctx)[ RSS](/packages/ariedeha-xctx/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (3)Versions (3)Used By (0) xctx - Cross Context ==================== [](#xctx---cross-context) Encrypted, signed, **typed** context propagation over a single HTTP header (`X-Context`) with **Go** and **PHP** reference implementations. - **Single header** transport (`v1.`) - **AEAD (AES‑256‑GCM)** with per‑message nonce, versioning, and key IDs (KID) for rotation - **Claims** (`iss`, `aud`, `iat`, `nbf`, `exp`, `jti`) validated on the callee - **Typed payload** `T` (Go generics) / associative array (PHP) — the library is schema‑agnostic - **AAD binding** for tenant/env binding (non‑secret but must match on both sides) - **Cross‑language** interop (Go ↔ PHP) proven in examples > License: Apache‑2.0 (see `LICENSE-APACHE-2.0.txt`). Composer package declares `Apache-2.0`. Why --- [](#why) Passing many fields across services via body/query/headers is brittle and leaky (and sometimes plain-text). `xctx` gives you a single, encrypted, signed envelope carrying exactly the **system-defined** context you want — no more, no less — without the library knowing your field schema. File Structure -------------- [](#file-structure) ``` xctx ├── LICENSE-APACHE-2.0.txt ├── README.md ├── clover.xml ├── composer.json ├── composer.lock ├── coverage.out ├── example │ ├── callee │ │ ├── go.mod │ │ ├── main.go │ │ └── main.php │ └── caller │ ├── go.mod │ ├── main.go │ └── main.php ├── go.mod ├── phpunit.xml.dist ├── src │ └── Xctx │ ├── Codec.php │ ├── Config.php │ ├── Exception │ │ ├── CryptoException.php │ │ ├── ValidationException.php │ │ └── XctxException.php │ ├── Keyring.php │ └── Util │ └── Base64Url.php ├── test │ ├── CodecExceptionBranchesTest.php │ ├── CodecTest.php │ ├── ConfigTest.php │ └── overrides │ └── crypto_overrides.php ├── xctx.go ├── xctx_blackbox_test.go ├── xctx_config.go ├── xctx_config_blackbox_test.go ├── xctx_config_whitebox_test.go └── xctx_whitebox_test.go ``` Quick Start ----------- [](#quick-start) See **[USAGE.md](USAGE.md)** for comprehensive instructions. TL;DR: ### Go [](#go) ``` type PassingContext struct { UserID int32 `json:"user_id"` UserName string `json:"user_name"` Role string `json:"role,omitempty"` } user := xctx.Config{ /* header, issuer, audience, TTL, keys... */ } aad := func() []byte { return []byte("TENANT=blue|ENV=dev") } codec, typedKey, err := xctx.BuildCodecFromEnvWithKey[PassingContext](user, nil, aad) if err != nil { /* handle */ } // Caller: inject typed payload into context and seal ctx := xctx.DefaultInjector[PassingContext](typedKey)(context.Background(), PassingContext{UserID:7, UserName:"arie"}) name, value, _ := codec.EmbedHeaderCtx(ctx) // ("X-Context", "v1.") // Callee: parse from *http.Request newCtx, payload, err := codec.ParseCtx(r) ``` ### PHP [](#php) ``` use ArieDeha\Xctx\{Config, Codec}; $user = new Config(headerName: 'X-Context', issuer: 'svc-caller', audience: 'svc-callee', ttlSeconds: 120, currentKid: 'kid-demo', currentKey: '0123456789abcdef0123456789abcdef'); $aad = fn() => 'TENANT=blue|ENV=dev'; $codec = Codec::buildFromEnv($user, $aad); // Caller: seal [$name, $value] = $codec->embedHeader(['user_id'=>7,'user_name'=>'arie']); // Callee: parse [$payload, $claims] = $codec->parseHeaderValue($value); ``` Examples -------- [](#examples) - **Go callee** at `:8081` and **PHP callee** at `:8082` with mutual relays/mutations. - **Go** and **PHP** callers demonstrate cross‑language portability and chained updates. Run order: ``` # Terminal A go run ./example/callee # Terminal B php -S 127.0.0.1:8082 -t example/callee example/callee/router.php # or: php -S 127.0.0.1:8082 example/callee/main.php # Terminal C go run ./example/caller # Terminal D php example/caller/main.php ``` Envelope -------- [](#envelope) `X-Context: v1.` where `json` has lowercase keys: ``` { "v":1, "alg":"AES256-GCM", "kid":"kid-demo", "n":"...", "ct":"..." } ``` Both implementations accept `AES256-GCM`/`AES-256-GCM` and lowercase/uppercase keys on parse. Emit is canonicalized to **lowercase keys** for interop with Go. Configuration ------------- [](#configuration) See **[USAGE.md](USAGE.md)** for environment variables, key formats (raw/hex/base64), and AAD binding guidance. Development ----------- [](#development) - See **[DEVELOPERS.md](DEVELOPERS.md)** for building, testing, and coverage (Go & PHP). - Security notes: short TTLs, rotation with `OtherKeys`, replay mitigation with `jti`, strict claim checks. ### Health Score 29 — LowBetter than 59% of packages Maintenance66 Regular maintenance activity Popularity1 Limited adoption so far Community6 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~3 days Total 2 Last Release 202d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/5f67576385209ff890f6b119d94c0ed3d75da62a8f6ce8460bb01f0ced856322?d=identicon)[ariedeha](/maintainers/ariedeha) --- Top Contributors [![ArieDeha](https://avatars.githubusercontent.com/u/9045281?v=4)](https://github.com/ArieDeha "ArieDeha (15 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ariedeha-xctx/health.svg) ``` [![Health](https://phpackages.com/badges/ariedeha-xctx/health.svg)](https://phpackages.com/packages/ariedeha-xctx) ``` ### Alternatives [league/uri-interfaces Common tools for parsing and resolving RFC3987/RFC3986 URI 536204.9M23](/packages/league-uri-interfaces)[shopify/shopify-api Shopify API Library for PHP 4634.8M16](/packages/shopify-shopify-api)[laudis/neo4j-php-client Neo4j-PHP-Client is the most advanced PHP Client for Neo4j 184616.9k31](/packages/laudis-neo4j-php-client)[http-interop/response-sender A function to convert PSR-7 Response to HTTP output 46711.5k40](/packages/http-interop-response-sender)[phpro/http-tools HTTP tools for developing more consistent HTTP implementations. 28137.8k](/packages/phpro-http-tools)[mezzio/mezzio-authentication-oauth2 OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications. 28483.0k2](/packages/mezzio-mezzio-authentication-oauth2) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)