PHPackages                             cerbos/cerbos-sdk-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. cerbos/cerbos-sdk-php

ActiveLibrary

cerbos/cerbos-sdk-php
=====================

PHP SDK for interacting with the Cerbos PDP

v1.11.0(2mo ago)44.5k↓35.7%2[1 PRs](https://github.com/cerbos/cerbos-sdk-php/pulls)2Apache-2.0PHPPHP ^8.4

Since Jun 29Pushed 1mo ago5 watchersCompare

[ Source](https://github.com/cerbos/cerbos-sdk-php)[ Packagist](https://packagist.org/packages/cerbos/cerbos-sdk-php)[ Docs](https://github.com/cerbos/cerbos-sdk-php)[ RSS](/packages/cerbos-cerbos-sdk-php/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (16)Versions (40)Used By (2)

Cerbos PHP SDK
==============

[](#cerbos-php-sdk)

[![Latest Stable Version](https://camo.githubusercontent.com/353402e3e5242774c24029386d2f9e3e6c72568967adb35dd9272cd55cfc7f62/687474703a2f2f706f7365722e707567782e6f72672f636572626f732f636572626f732d73646b2d7068702f76)](https://packagist.org/packages/cerbos/cerbos-sdk-php)[![Total Downloads](https://camo.githubusercontent.com/0141728dd47de04d981e990dd3ad885757adc5b90d975080b293a3ca87cfe61c/687474703a2f2f706f7365722e707567782e6f72672f636572626f732f636572626f732d73646b2d7068702f646f776e6c6f616473)](https://packagist.org/packages/cerbos/cerbos-sdk-php)[![License](https://camo.githubusercontent.com/8c6a0f32f267b32c8a1f79564cff5483b39c628a43d6ae1684950642e93941c3/687474703a2f2f706f7365722e707567782e6f72672f636572626f732f636572626f732d73646b2d7068702f6c6963656e7365)](https://packagist.org/packages/cerbos/cerbos-sdk-php)

PHP client library for the [Cerbos](https://github.com/cerbos/cerbos) open source access control solution. This library includes gRPC client for accessing the Cerbos PDP.

Find out more about Cerbos at  and read the documentation at .

Installation
============

[](#installation)

You can install the SDK via [Composer](https://getcomposer.org/). Run the following command:

```
composer require cerbos/cerbos-sdk-php
```

Examples
========

[](#examples)

Cerbos
------

[](#cerbos)

### Creating a gRPC client

[](#creating-a-grpc-client)

```
$client = CerbosClientBuilder::newInstance($this->host)
    ->withPlaintext(true)
    ->build();
```

### Check a single principal and resource

[](#check-a-single-principal-and-resource)

```
$request = CheckResourcesRequest::newInstance()
    ->withRequestId(RequestId::generate())
    ->withPrincipal(
        Principal::newInstance("john")
            ->withRole("employee")
            ->withPolicyVersion("20210210")
            ->withAttribute("department", AttributeValue::stringValue("marketing"))
            ->withAttribute("geography", AttributeValue::stringValue("GB"))
    )
    ->withResourceEntry(
        ResourceEntry::newInstance("leave_request", "xx125")
            ->withActions(["view:public", "approve"])
            ->withPolicyVersion("20210210")
            ->withAttribute("department", AttributeValue::stringValue("marketing"))
            ->withAttribute("geography", AttributeValue::stringValue("GB"))
            ->withAttribute("owner", AttributeValue::stringValue("john"))
    )

$checkResourcesResponse = $client->checkResources($request);
$resultEntry = $checkResourcesResponse->find("xx125");

if ($resultEntry->isAllowed("view:public")) { // returns true if `view:public` action is allowed
    // ...
}

if ($resultEntry->isAllowed("approve")) { // returns true if `approve` action is allowed
    // ...
}
```

### Check a single principal and multiple resource &amp; action pairs

[](#check-a-single-principal-and-multiple-resource--action-pairs)

```
$request = CheckResourcesRequest::newInstance()
    ->withRequestId(RequestId::generate())
    ->withPrincipal(
        Principal::newInstance("john")
            ->withRole("employee")
            ->withPolicyVersion("20210210")
            ->withAttribute("department", "marketing")
            ->withAttribute("geography", "GB")
    )
    ->withResourceEntries(
        array(
            ResourceEntry::newInstance("leave_request", "xx125")
                ->withAction("approve")
                ->withPolicyVersion("20210210")
                ->withAttribute("department", AttributeValue::stringValue("marketing"))
                ->withAttribute("geography", AttributeValue::stringValue("GB"))
                ->withAttribute("owner", AttributeValue::stringValue("john")),

            ResourceEntry::newInstance("leave_request", "xx225")
                ->withAction("defer")
                ->withPolicyVersion("20210210")
                ->withAttribute("department", AttributeValue::stringValue("marketing"))
                ->withAttribute("owner", AttributeValue::stringValue("john"))
        )
    )

$checkResourcesResponse = $client->checkResources($request);

$resultEntry = $checkResourcesResponse->find("xx125");
if ($resultEntry->isAllowed("approve")) { // returns true if `approve` action is allowed
    // ...
}

$resultEntry = $checkResourcesResponse->find("xx225");
if ($resultEntry->isAllowed("defer")) { // returns true if `defer` action is allowed
    // ...
}
```

### Plan Resources API

[](#plan-resources-api)

```
$request = PlanResourcesRequest::newInstance()
    ->withRequestId(RequestId::generate())
    ->withAction("approve")
    ->withPrincipal(
        Principal::newInstance("maggie")
            ->withRole("manager")
            ->withAttribute("department", AttributeValue::stringValue("marketing"))
            ->withAttribute("geography", AttributeValue::stringValue("GB"))
            ->withAttribute("team", AttributeValue::stringValue("design"))
    )
    ->withResource(
        Resource::newInstance("leave_request", "xx125")
            ->withPolicyVersion("20210210")
    );

$planResourcesResponse = $this->client->planResources($request);
if ($planResourcesResponse->isAlwaysAllowed()) {
    // ...
}
else if ($planResourcesResponse->isAlwaysDenied()) {
    // ...
}
else {
    // ...
}
```

Note

Cerbos PDP v0.44.0 and onwards support specifying multiple actions with the following syntax:

```
->withActions(array("create", "delete"))
```

Cerbos Hub
----------

[](#cerbos-hub)

### Creating a gRPC client

[](#creating-a-grpc-client-1)

```
use Cerbos\Sdk\Cloud\HubClientBuilder;

$hubClient = HubClientBuilder::fromEnv() // Gets clientId and clientSecret from environment variables CERBOS_HUB_CLIENT_ID and CERBOS_HUB_CLIENT_SECRET.
    ->build();

$storeClient = $hubClient->storeClient();
```

### GetFiles API

[](#getfiles-api)

```
use Cerbos\Sdk\Cloud\Store\V1\GetFilesRequest;

$request = GetFilesRequest::newInstance(
    $storeId,
    "resource_policies/leave_request.yaml",
    "resource_policies/purchase_order.yaml"
);

$response = $storeClient->getFiles($request);
```

### ListFiles API

[](#listfiles-api)

```
use Cerbos\Sdk\Cloud\Store\V1\FileFilter;
use Cerbos\Sdk\Cloud\Store\V1\ListFilesRequest;

$request = ListFilesRequest::newInstance($storeId);

$requestWithFilter = ListFilesRequest::withFilter(
    $storeId,
    FileFilter::pathContains(self::something)
);

$response = $storeClient->listFiles($request);
$filteredResponse = $storeClient->listFiles($requestWithFilter);
```

### ModifyFiles API

[](#modifyfiles-api)

```
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails;
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails\Internal;
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails\Uploader;
use Cerbos\Sdk\Cloud\Store\V1\FileOp;
use Cerbos\Sdk\Cloud\Store\V1\ModifyFilesRequest;

$path = __DIR__ . "./cerbos/policies/leave_request.yaml";
$realPath = realpath($path);
$fileContents = file_get_contents($realPath);

$requestAddOrUpdate = ModifyFilesRequest::withChangeDetails(
    $storeId,
    ChangeDetails::internal(
        'myApp/ModifyFiles/Op=AddOrUpdate',
        Uploader::newInstance('myApp'),
        Internal::newInstance('sdk')
    ),
    FileOp::addOrUpdate('policies/leave_request.yaml', $fileContents)
);

$requestDelete = ModifyFilesRequest::withChangeDetails(
    $storeId,
    ChangeDetails::internal(
        'myApp/ModifyFiles/Op=Delete',
        Uploader::newInstance('myApp'),
        Internal::newInstance('sdk')
    ),
    FileOp::delete('policies/leave_request.yaml')
);

$responseAddOrUpdate = $storeClient->modifyFiles($requestAddOrUpdate);
$responseDelete = $storeClient->modifyFiles($requestDelete);
```

### ReplaceFiles API

[](#replacefiles-api)

```
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails;
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails\Internal;
use Cerbos\Sdk\Cloud\Store\V1\ChangeDetails\Uploader;
use Cerbos\Sdk\Cloud\Store\V1\ReplaceFilesRequest;

$path = __DIR__ . "./cerbos/policies.zip";
$realPath = realpath($path);
$fileContents = file_get_contents($realPath);

$request = ReplaceFilesRequest::withZippedContents(
    $storeId,
    $fileContents,
    null,
    ChangeDetails::internal(
        'myApp/ReplaceFiles/With=policies.zip',
        Uploader::newInstance('myApp'),
        Internal::newInstance('sdk')
    )
);

$response = $storeClient->replaceFiles($request);
```

###  Health Score

56

—

FairBetter than 98% of packages

Maintenance87

Actively maintained with recent releases

Popularity28

Limited adoption so far

Community19

Small or concentrated contributor base

Maturity77

Established project with proven stability

 Bus Factor1

Top contributor holds 62.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~38 days

Recently: every ~25 days

Total

36

Last Release

78d ago

Major Versions

v0.1.x-dev → v1.0.02023-06-19

PHP version history (5 changes)v0.0.1-alphaPHP ^7.4 || ^8.0

v1.0.0PHP ^8.1 || ^8.2

v1.2.0PHP ^8.2 || ^8.3

v1.7.0PHP ^8.3 || ^8.4

v1.10.3PHP ^8.4

### Community

Maintainers

![](https://www.gravatar.com/avatar/e6645634c11a574ee58a38de2f9f75dde9d471b6ab13b61097b6da6e8dc42205?d=identicon)[cerbos\_oguzhand95](/maintainers/cerbos_oguzhand95)

---

Top Contributors

[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (95 commits)")[![oguzhand95](https://avatars.githubusercontent.com/u/3899719?v=4)](https://github.com/oguzhand95 "oguzhand95 (54 commits)")[![haines](https://avatars.githubusercontent.com/u/785641?v=4)](https://github.com/haines "haines (2 commits)")[![andythorne](https://avatars.githubusercontent.com/u/1301181?v=4)](https://github.com/andythorne "andythorne (1 commits)")

---

Tags

cerbosclientpdpphpsdkcerbospdp

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Psalm

Type Coverage Yes

### Embed Badge

![Health badge](/badges/cerbos-cerbos-sdk-php/health.svg)

```
[![Health](https://phpackages.com/badges/cerbos-cerbos-sdk-php/health.svg)](https://phpackages.com/packages/cerbos-cerbos-sdk-php)
```

###  Alternatives

[google/gax

Google API Core for PHP

265103.1M454](/packages/google-gax)[temporal/sdk

Temporal SDK

4002.2M18](/packages/temporal-sdk)[google/cloud

Google Cloud Client Library

1.2k16.2M53](/packages/google-cloud)[google/grpc-gcp

gRPC GCP library for channel management

18497.8M3](/packages/google-grpc-gcp)[googleads/google-ads-php

Google Ads API client for PHP

3497.6M9](/packages/googleads-google-ads-php)[spiral/grpc-client

gRPC client

41140.3k2](/packages/spiral-grpc-client)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)