dandoetech/laravel-bff
======================

Laravel bridge for DanDoeTech BFF metadata: metadata endpoints, policy & visibility decorators.

Version v0.2.0 (1mo ago), MIT license, PHP ^8.2, CI passing.

[Source](https://github.com/dandoetech/laravel-bff) | [Packagist](https://packagist.org/packages/dandoetech/laravel-bff)

Laravel BFF
===========

> **Pre-release** — Architecture by senior tech lead, implementation largely AI-assisted with human review. Not fully reviewed. Architecture may change before v1.0.0.

Serves frontend-ready UI metadata from the Resource Registry via REST endpoints. Applies policy-based capabilities and visibility rules so the frontend knows what the current user can see and do.

Installation
------------

```
composer require dandoetech/laravel-bff
```

The service provider is auto-discovered. Publish the config:

```
php artisan vendor:publish --tag=ddt-bff-config
```

Requires [`dandoetech/laravel-resource-registry`](https://github.com/dandoetech/laravel-resource-registry).

Quick Start
-----------

With resources defined and registered, the metadata endpoints are available immediately:

```
GET /api/bff/metadata              → list all resources
GET /api/bff/metadata/{resource}   → full metadata for one resource

```

### List Response

```
{
  "data": [
    { "key": "product", "label": "Product", "href": "/api/bff/metadata/product" },
    { "key": "category", "label": "Category", "href": "/api/bff/metadata/category" }
  ]
}
```

### Single Resource Response

```
{
  "data": {
    "key": "product",
    "label": "Product",
    "fields": {
      "name": { "name": "name", "widget": "text", "required": true },
      "price": { "name": "price", "widget": "number", "required": true, "props": { "step": 0.01 } },
      "category_name": { "name": "category_name", "widget": "text", "readOnly": true }
    },
    "table": {
      "columns": ["name", "price", "category_name"],
      "defaultSort": "-created_at",
      "density": "comfortable"
    },
    "create": { "layout": [["name", "price"], ["category"]] },
    "update": { "layout": [["name", "price"], ["category"]] },
    "actions": [
      { "name": "create", "kind": "primary" },
      { "name": "update", "kind": "default" },
      { "name": "delete", "kind": "danger", "confirm": true }
    ],
    "extensions": {
      "endpoints": {
        "apiBase": "/api",
        "resource": {
          "list": "/api/product",
          "show": "/api/product/{id}",
          "create": "/api/product",
          "update": "/api/product/{id}",
          "delete": "/api/product/{id}",
          "action": "/api/product/actions/{action}"
        }
      },
      "capabilities": {
        "resource": { "create": true, "update": true, "delete": false, "view": true },
        "fields": { "price": { "edit": false, "view": true } }
      }
    }
  }
}
```

Computed fields (like `category_name`) appear as read-only table columns, excluded from forms.

Decorator Chain
---------------

Metadata flows through a decorator chain before reaching the frontend:

```
DefaultMetadataBuilder → VisibilityDecorator → PolicyDecorator → Response

```

1. **DefaultMetadataBuilder** — derives widgets, table, forms, actions from the resource definition
2. **VisibilityDecorator** — applies visibility rules (e.g., hide audit fields from non-admins)
3. **PolicyDecorator** — evaluates user permissions, adds `capabilities`, marks/removes fields

### Visibility Rules

Implement `VisibilityRuleInterface` to filter metadata based on runtime context:

```
use DanDoeTech\LaravelBff\Contracts\VisibilityRuleInterface;
use DanDoeTech\BffMetadata\Metadata\ResourceUiMetadata;

class HideInternalFields implements VisibilityRuleInterface
{
    public function apply(ResourceUiMetadata $meta): ResourceUiMetadata
    {
        unset($meta->fields['internal_notes']);
        return $meta;
    }
}
```

Register in config:

```
'visibility_rules' => [
    HideInternalFields::class,
],
```
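
A context-aware variant of the rule above, as an added example that is not part of the package: it hides a set of fields unless the current user passes a Laravel Gate check. The class name, the ability name `view-internal-fields` and the `cost_price` field are assumptions made for illustration.

```php
<?php

use DanDoeTech\BffMetadata\Metadata\ResourceUiMetadata;
use DanDoeTech\LaravelBff\Contracts\VisibilityRuleInterface;
use Illuminate\Support\Facades\Gate;

// Added example: hypothetical rule, not shipped with dandoetech/laravel-bff.
class HideInternalFieldsFromNonStaff implements VisibilityRuleInterface
{
    /** Field names to hide from users without the ability (constructed list). */
    private const RESTRICTED = ['internal_notes', 'cost_price'];

    public function apply(ResourceUiMetadata $meta): ResourceUiMetadata
    {
        // Gate::allows() returns false for guests and for abilities that were
        // never defined, so the rule fails closed: when in doubt, fields are hidden.
        // 'view-internal-fields' is a hypothetical ability defined by the app, e.g.
        //   Gate::define('view-internal-fields', fn (User $user) => $user->is_staff);
        if (Gate::allows('view-internal-fields')) {
            return $meta;
        }

        // Same removal mechanism as the README's HideInternalFields example.
        foreach (self::RESTRICTED as $field) {
            unset($meta->fields[$field]);
        }

        return $meta;
    }
}
```

Register it under `visibility_rules` in the same way as `HideInternalFields`.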

### Policy Evaluator

The default `GatePolicyEvaluator` uses Laravel Gates to check permissions:

- **Resource level:** `create`, `update`, `delete`, `viewAny`
- **Field level:** `editField`, `viewField`

Results are injected into `extensions.capabilities`. Fields with `edit: false` are marked read-only; fields with `view: false` are removed entirely.

Swap the evaluator by implementing `PolicyEvaluatorInterface`:

```
use DanDoeTech\BffMetadata\Metadata\ResourceUiMetadata;
use DanDoeTech\LaravelBff\Contracts\PolicyEvaluatorInterface;

class CustomEvaluator implements PolicyEvaluatorInterface
{
    public function evaluate(string $resourceKey, ResourceUiMetadata $meta): array
    {
        return [
            'resource' => ['create' => true, 'update' => true, 'delete' => false],
            'fields' => ['secret' => ['edit' => false, 'view' => false]],
        ];
    }
}
```
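
A regression check for the rule that fields with `view: false` are removed, as an added example (not the package's own code): it scans a decoded metadata response for any remaining reference to a denied field, which is useful when testing a custom evaluator. It assumes the response shape shown under Single Resource Response and that denied fields stay listed in `extensions.capabilities.fields`; the checks on `table.columns` and form layouts go beyond what the README says is pruned, and the sample payload is constructed.

```php
<?php

/**
 * Returns the places where a field denied with view: false is still
 * referenced in a decoded metadata response (empty array means no leaks).
 */
function findHiddenFieldLeaks(array $payload): array
{
    $data  = $payload['data'] ?? [];
    $caps  = $data['extensions']['capabilities']['fields'] ?? [];
    $leaks = [];

    foreach ($caps as $field => $cap) {
        if (($cap['view'] ?? true) !== false) {
            continue; // field is viewable, nothing to check
        }
        if (array_key_exists($field, $data['fields'] ?? [])) {
            $leaks[] = "fields: {$field}";
        }
        if (in_array($field, $data['table']['columns'] ?? [], true)) {
            $leaks[] = "table.columns: {$field}";
        }
        foreach (['create', 'update'] as $form) {
            foreach ($data[$form]['layout'] ?? [] as $row) {
                if (in_array($field, $row, true)) {
                    $leaks[] = "{$form}.layout: {$field}";
                }
            }
        }
    }

    return $leaks;
}

// Constructed sample: "secret" is denied but still listed as a table column.
$json = <<<'JSON'
{"data": {
  "fields": {"name": {"name": "name", "widget": "text"}},
  "table": {"columns": ["name", "secret"]},
  "create": {"layout": [["name"]]},
  "extensions": {"capabilities": {"fields": {"secret": {"edit": false, "view": false}}}}
}}
JSON;

print_r(findHiddenFieldLeaks(json_decode($json, true, 512, JSON_THROW_ON_ERROR)));
```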

Configuration
-------------

`config/ddt_bff.php`:

```
return [
    // Route prefix for metadata endpoints
    'prefix' => env('BFF_PREFIX', 'api/bff'),

    // Visibility rules applied in order
    'visibility_rules' => [
        \DanDoeTech\LaravelBff\Visibility\HideAuditFields::class,
    ],

    // Policy evaluator (must implement PolicyEvaluatorInterface)
    'policy_evaluator' => \DanDoeTech\LaravelBff\Laravel\GatePolicyEvaluator::class,
];
```

To scope metadata to authenticated users, add auth middleware to the route group in your app.

API Overview
------------

| Class | Purpose |
| --- | --- |
| `BffServiceProvider` | Binds decorated `MetadataProviderInterface`, registers routes |
| `MetadataController` | `index()` lists resources, `show()` returns full metadata |
| `PolicyDecorator` | Adds capabilities from policy evaluator, enforces field-level access |
| `VisibilityDecorator` | Applies visibility rules in sequence |
| `GatePolicyEvaluator` | Default evaluator using Laravel Gates |
| `PolicyEvaluatorInterface` | Contract for custom auth adapters |
| `VisibilityRuleInterface` | Contract for custom visibility rules |

Testing
-------

```
composer install
composer test        # PHPUnit (Orchestra Testbench)
composer qa          # cs:check + phpstan + test
```

License
-------

MIT
