CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Real-Time Communication Made Simple with CakePHP Broadcasting

Written by Yevgeny on December 01, 2025
374 VIEWS

This article is part of the CakeDC Advent Calendar 2025 (December 4th 2025)

When you're building modern web applications, users expect things to happen instantly. They want to see notifications pop up without refreshing the page, watch live updates flow in, and get immediate feedback when something changes. This is where real-time communication comes into play, and honestly, it used to be a pain to implement.

Getting started with the Broadcasting plugin (crustum/broadcasting) is straightforward. Install it via Composer and load it in your application, and you'll have everything you need for real-time communication integrated smoothly with CakePHP 5.x.

I remember the old days when we'd write endless JavaScript code to poll the server every few seconds, hoping for new data. It was inefficient, clunky, and made our servers cry under the load. WebSockets changed everything, but they brought their own complexity. You needed separate WebSocket servers, complex connection management, and a whole new way of thinking about client-server communication.

That's exactly why I built the CakePHP Broadcasting plugin. I wanted something that felt natural to CakePHP developers, something that didn't require a deep knowledge in WebSocket protocols to understand. The idea was simple: dispatch events on the server, receive them on the client, and let the plugin handle all the messy bits in between.

The Core Idea

Broadcasting in CakePHP works on a beautifully simple concept. You have events happening in your application all the time. A user places an order, someone posts a comment, a file finishes processing. These are just regular events in your CakePHP application. Broadcasting takes these same events and pushes them out to connected clients in real-time.

Think about it like a radio station. The station broadcasts a signal, and anyone with a radio tuned to that frequency can hear it. In our case, your CakePHP application broadcasts events, and any client connected to the right channel receives them instantly. No polling, no delays, just pure real-time communication.

The plugin supports different broadcast drivers. You can use Pusher Channels if you want a hosted solution that just works. Redis is there for when you want to keep everything on your own infrastructure. You can create your own broadcast driver by implementing the BroadcastDriverInterface.

A Real Example

Let me show you how this works with a practical example. Imagine you're building an e-commerce site, and you want to notify users when their order status changes. They're sitting on the order details page, and boom, a notification appears saying their package has shipped. No page refresh needed.

First, you create an event class that implements the BroadcastableInterface. This tells CakePHP that this event should be broadcast to clients.

namespace App\Event;

use Crustum\Broadcasting\Channel\PrivateChannel;
use Crustum\Broadcasting\Event\BroadcastableInterface;

class OrderShipped implements BroadcastableInterface
{
    public function __construct(
        public $order
    ) {}

    public function broadcastChannel()
    {
        return new PrivateChannel('orders.' . $this->order->id);
    }

    public function broadcastEvent(): string
    {
        return 'OrderShipped';
    }

    public function broadcastData(): ?array
    {
        return [
            'order_id' => $this->order->id,
            'tracking_number' => $this->order->tracking_number,
            'carrier' => $this->order->carrier,
        ];
    }

    public function broadcastSocket(): ?string
    {
        return null;
    }
}

Notice how we're broadcasting to a private channel. Private channels are important when you're dealing with user-specific data. You don't want user A seeing user B's order updates. The channel name includes the order ID, making it unique for each order.

Now when something happens in your application, you just broadcast the event.

use function Crustum\Broadcasting\broadcast;

public function ship($orderId)
{
    $order = $this->Orders->get($orderId);
    $order->status = 'shipped';
    $order->shipped_at = new DateTime();
    $this->Orders->save($order);

    broadcast(new OrderShipped($order));

    return $this->redirect(['action' => 'view', $orderId]);
}

That's it on the server side. The broadcast function takes your event and pushes it out to all connected clients. Behind the scenes, the plugin serializes the data, sends it through your configured broadcast driver, and makes sure it reaches the right channels.

How Data Flows Through Broadcasting

Understanding how your events travel from server to client helps you make better architectural decisions. When you call the broadcast function, your event starts a journey through several layers.

Your CakePHP application creates the event object and passes it to the Broadcasting system. The system extracts the channel names, event name, and payload data by calling the methods you defined on your event class. It then hands this data to the configured broadcast driver.

If you're using the Pusher driver, the plugin makes an HTTP request to Pusher's API with your event data. Pusher receives this, stores it temporarily, and immediately pushes it to all connected clients who are subscribed to that channel. The clients receive the event through their WebSocket connection and trigger your JavaScript callback.

With the Redis driver, the flow is different. Your CakePHP application publishes the event to a Redis pub/sub channel. You need a separate WebSocket server running that subscribes to these Redis channels. When it receives an event from Redis, it broadcasts it to connected WebSocket clients. This gives you full control over your infrastructure but requires running your own WebSocket server.

The queue system plays an important role too. By default, broadcasts are queued and processed asynchronously. This means your web request doesn't wait for the broadcast to complete. The broadcast job gets picked up by a queue worker and sent in the background. This keeps your application responsive even when broadcasting to many channels or when the broadcast service has a temporary slowdown.

The Client Side

On the client side, you use Laravel Echo. Yes, it says Laravel in the name, but don't let that fool you. It's just a JavaScript library that knows how to talk to various broadcasting services. It works perfectly with our CakePHP plugin.

Setting up Echo is straightforward. You include the library, configure it with your broadcasting service details, and start listening for events.

import Echo from 'laravel-echo';
import Pusher from 'pusher-js';
window.Pusher = Pusher;

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: 'your-pusher-key',
    cluster: 'your-cluster',
    forceTLS: true
});

Then you subscribe to your private channel and listen for the OrderShipped event.

Echo.private(`orders.${orderId}`)
    .listen('OrderShipped', (e) => {
        showNotification('Your order has shipped!');
        updateTrackingInfo(e.tracking_number, e.carrier);
    });

The beauty here is how clean it all is. You're not managing WebSocket connections, handling reconnections, or dealing with message formats. You just say what you want to listen to, and what you want to do when you hear it.

Understanding the Pusher Protocol

The Pusher protocol has become a de facto standard for WebSocket communication. It's not just about Pusher the company anymore. The protocol defines how clients authenticate, subscribe to channels, and receive events in a standardized way. This standardization is actually great news because it means you have options.

When a client first connects, it establishes a WebSocket connection and receives a socket ID. This ID uniquely identifies that particular connection. When subscribing to private or presence channels, the client sends this socket ID along with the channel name to your CakePHP application's authorization endpoint.

Your server checks if the user can access that channel and returns a signed authentication string. The client then uses this signed string to complete the subscription. The WebSocket server verifies the signature and allows the subscription. This flow ensures that only authorized users can subscribe to private channels, and it all happens transparently through Laravel Echo.

The protocol also handles things like connection state, automatic reconnection, and channel member tracking for presence channels. These are complex problems that the protocol solves in a standard way, which is why adopting it makes sense even if you're not using Pusher's hosted service.

Beyond Pusher: Your Own Infrastructure

Here's where things get interesting. You don't have to use Pusher's hosted service. Several open-source projects implement the Pusher protocol, giving you the freedom to run your own WebSocket infrastructure.

Soketi is one such project. It's a fast, lightweight WebSocket server written in Node.js that speaks the Pusher protocol. You can run it on your own servers, point your Laravel Echo configuration at it, and everything works exactly the same. Your CakePHP Broadcasting configuration changes slightly to point to your Soketi instance instead of Pusher's servers.

'default' => [
    'className' => 'Crustum/Broadcasting.Pusher',
    'key' => 'your-app-key',
    'secret' => 'your-app-secret',
    'app_id' => 'your-app-id',
    'options' => [
        'host' => '127.0.0.1',
        'port' => 6001,
        'scheme' => 'http',
        'useTLS' => false,
    ],
],

On the client side, you configure Echo similarly.

window.Echo = new Echo({
    broadcaster: 'pusher',
    key: 'your-app-key',
    wsHost: '127.0.0.1',
    wsPort: 6001,
    forceTLS: false,
    disableStats: true,
});

Soketi integrates with Redis, so you get the benefits of the Redis driver with the simplicity of the Pusher protocol. Your CakePHP app publishes to Redis, Soketi reads from Redis and broadcasts to WebSocket clients. It's a solid architecture that scales well.

I'm also working on BlazeCast, a native PHP WebSocket server that implements the Pusher protocol specifically for CakePHP applications. It's designed to feel natural in a CakePHP environment, using familiar concepts and configuration patterns. BlazeCast will integrate deeply with CakePHP. It's currently in development, with plans for an initial release soon. The goal is to provide a zero-configuration WebSocket server that just works with your CakePHP Broadcasting setup.

Redis as a Broadcasting Solution

The Redis driver deserves special attention because it's the most flexible option for self-hosted solutions. When you broadcast an event using the Redis driver, the plugin publishes a message to a Redis pub/sub channel. The message contains all the event data serialized as JSON.

'redis' => [
    'className' => 'Crustum/Broadcasting.Redis',
    'connection' => 'default',
    'redis' => [
        'host' => '127.0.0.1',
        'port' => 6379,
        'password' => null,
        'database' => 0,
    ],
],

The key advantage of Redis is that it decouples your CakePHP application from the WebSocket server. Your app doesn't need to know or care what's handling the WebSocket connections. It just publishes to Redis and moves on. This separation of concerns makes your architecture more resilient and easier to scale.

You can run multiple WebSocket servers all subscribing to the same Redis channels. This gives you horizontal scalability for your WebSocket infrastructure. As your user base grows, you add more WebSocket servers. Your CakePHP application doesn't change at all.

Redis pub/sub is also incredibly fast. Publishing a message takes microseconds, so there's virtually no overhead on your application. The WebSocket servers handle all the heavy lifting of maintaining connections and broadcasting to clients.

While WebSockets are the most popular approach for real-time communication, it's worth noting that you can implement server-sent events (SSE) as a broadcasting solution as well. An SSE plugin for CakePHP Broadcasting could leverage Redis pub/sub in exactly the same way as WebSocket-based drivers. In this model, your application would publish event data to Redis channels, and a separate PHP process (or worker) would stream those events to connected clients over HTTP using SSE. This approach is ideal for applications where you only need one-way communication from server to client, doesn't require extra JavaScript libraries, and works natively in all modern browsers. By utilizing Redis as the backbone for message distribution, CakePHP could offer an SSE broadcasting driver that's simple, reliable, and well-suited for many real-time dashboard and notification use cases. This is an exciting possibility for future plugin development.

The downside is you need to run a WebSocket server. Soketi works well for this, as does Laravel's Echo Server or the upcoming BlazeCast. You're trading the simplicity of a hosted solution for complete control over your infrastructure.

Authorization and Security

Private channels need authorization. When a user tries to subscribe to a private channel, Echo makes a request to your CakePHP application asking "can this user listen to this channel?" You define that logic in your channels configuration file.

use Crustum\Broadcasting\Broadcasting;
use Cake\ORM\TableRegistry;

Broadcasting::channel('private-orders.{orderId}', function ($user, $orderId) {
    $ordersTable = TableRegistry::getTableLocator()->get('Orders');
    $order = $ordersTable->get($orderId);

    return $user->id === $order->user_id;
});

This simple function checks if the authenticated user owns the order they're trying to listen to. If they do, authorization succeeds and they can receive updates. If not, the subscription is rejected. Security sorted.

The authorization flow is interesting when you understand what's actually happening. When Echo calls your authorization endpoint, it sends the socket ID, channel name, and your application's authentication cookies or tokens. Your CakePHP application verifies the user is logged in using your normal authentication system.

If the user is authorized, your application generates a signature using your broadcast secret key, the channel name, and the socket ID. This signature proves that your server authorized this specific socket to subscribe to this specific channel. The client sends this signature to the WebSocket server, which verifies it using the same secret key.

This is important for the Pusher protocol. Whether you're using hosted Pusher, Soketi, or BlazeCast, they all work the same way. Your CakePHP application is the source of truth for who can access what. The WebSocket server just enforces the authorizations your application provides. This keeps your security logic centralized and makes it easy to update authorization rules without touching the WebSocket infrastructure.

sequenceDiagram
    participant Client
    participant WebSocket Server
    participant CakePHP (HTTP Server)

    Client->>WebSocket Server: WebSocket Connection (wss://)
    WebSocket Server->>Client: HTTP 101 Switching Protocols

    Note over Client,CakePHP: For private/presence channels:
    Client->>CakePHP: POST /broadcasting/auth (with auth headers)
    CakePHP->>CakePHP: Verify session/channel permissions
    alt Authenticated
        CakePHP->>Client: 200 OK (with auth token)
        Client->>WebSocket Server: Subscribe with auth token
        WebSocket Server->>CakePHP: Verify token validity
        CakePHP->>WebSocket Server: Auth confirmation
        WebSocket Server->>Client: "pusher:subscription_succeeded"
    else Not Authenticated
        CakePHP->>Client: 403 Forbidden
        Client->>WebSocket Server: (No subscription attempt)
    end

Presence Channels

Here's where things get really interesting. Presence channels not only broadcast events but also keep track of who's subscribed to them. This is perfect for features like "who's online" lists, real-time collaboration indicators, or live chat systems.

When someone joins a presence channel, everyone else already subscribed gets notified. When they leave, same thing. You even get a list of all currently subscribed users when you first join.

Echo.join(`chat.${roomId}`)
    .here((users) => {
        console.log('Currently in the room:', users);
    })
    .joining((user) => {
        console.log(user.name + ' just joined');
    })
    .leaving((user) => {
        console.log(user.name + ' just left');
    });

The server-side authorization for presence channels returns user data instead of just true or false.

Broadcasting::channel('presence-chat.{roomId}', function ($user, $roomId) {
    if ($user->canJoinRoom($roomId)) {
        return [
            'id' => $user->id,
            'name' => $user->name,
            'avatar' => $user->avatar_url
        ];
    }
});

This data gets shared with all participants, so they know who they're chatting with. It's incredibly useful for building social features.

Testing Your Broadcasts

Testing real-time features used to be a nightmare. How do you verify something was broadcast? How do you check the right data was sent to the right channels? The plugin includes a testing trait that makes this straightforward.

use Crustum\Broadcasting\TestSuite\BroadcastingTrait;

class OrderTest extends TestCase
{
    use BroadcastingTrait;

    public function testOrderShippedBroadcast()
    {
        $order = $this->Orders->get(1);
        $order->status = 'shipped';
        $this->Orders->save($order);

        $this->assertBroadcastSent('OrderShipped');
        $this->assertBroadcastSentToChannel('orders.1', 'OrderShipped');
        $this->assertBroadcastPayloadContains('OrderShipped', 'tracking_number', 'ABC123');
    }
}

The trait captures all broadcasts during your test instead of actually sending them. Then you can make assertions about what would have been broadcast. It's fast, reliable, and lets you test your broadcasting logic without needing actual WebSocket connections or external services.

There are many diferent assertions you can use to test your broadcasts. You can assert that the right broadcasts were sent to the right channels. You can even inspect the broadcast data to verify it contains the correct information.

Wrapping Up

Building real-time features doesn't have to be complicated. The CakePHP Broadcasting plugin takes all the complexity of WebSocket management, connection handling, and message routing, and hides it behind a simple, CakePHP-friendly interface.

You dispatch events like you always do. The plugin broadcasts them. Clients receive them. Everything just works, and you can focus on building features instead of fighting with infrastructure.

Whether you're building a notification system, a live dashboard, a chat application, or anything else that needs real-time updates, broadcasting has you covered. It's the missing piece that makes modern, responsive web applications feel natural in CakePHP.

Try it out in your next project. I think you'll find that once you start broadcasting events, you'll wonder how you ever built real-time features without it.

This article is part of the CakeDC Advent Calendar 2025 (December 4th 2025)

Latest articles

200 Views

Goodbye to 2025!

Well bakers… another advent calendar is coming to an end. I hope you enjoyed all of the topics covered each day. We are also closing the year with so much gratitude.    2025 was the 20th year of CakePHP, can you believe it? We had an amazing year with our team, the community and the CakePHP core. It was great connecting with those who attended CakeFest in Madrid, and we hope to have the opportunity to see more of you in 2026.    I cannot let the year end without getting a little sentimental. There is no better way to say it… THANK YOU. Thank you to the team who worked so hard, the core team that keeps pumping out releases, and most of all … thank you to our clients that trust us with their projects. CakeDC is successful because of the strong relationships we build with our network, and we hope to continue working with all of you for many years.    There are a lot of great things still to come in year 21! Could 2026 will be bringing us CakePHP 6?! Considering 21 is the legal drinking age in the US, maybe CakePHP 6 should be beer cake? Delicious. Stay tuned to find out.    Before I go, I am leaving you with something special. A note from Larry!   As we close out this year, I just want to say thank you from the bottom of my heart. Twenty years ago, CakePHP started as a simple idea shared by a few of us who wanted to make building on the web easier and more enjoyable. Seeing how far it has come, and more importantly, seeing how many lives and careers it has impacted, is something I never take for granted. I am deeply grateful for our team, the core contributors, the community, and our clients who continue to believe in what we do. You are the reason CakePHP and CakeDC are still here, still growing, and still relevant after two decades. Here is to what we have built together, and to what is still ahead. Thank you for being part of this journey. Larry

Written by Amanda on December 24, 2025

243 Views

Pagination of multiple queries in CakePHP

Pagination of multiple queries in CakePHP

A less typical use case for pagination in an appication is the need to paginate multiples queries. In CakePHP you can achieve this with pagination scopes.

Users list

Lest use as an example a simple users list. // src/Controller/UsersController.php class UsersController extends AppController { protected array $paginate = [ 'limit' => 25, ]; public function index() { // Default model pagination $this->set('users', $this->paginate($this->Users)); } } // templates/Users/index.php <h2><?= __('Users list') ?>/h2> <table> <thead> <tr> <th><?= $this->Paginator->sort('name', __('Name')) ?></th> <th><?= $this->Paginator->sort('email', __('Email')) ?></th> <th><?= $this->Paginator->sort('active', __('Active')) ?></th> </tr> </thead> <tbody> <?php foreach ($users as $user): ?> <tr> <td><?= h($user->name) ?></td> <td><?= h($user->email) ?></td> <td><?= $user->active ? 'Yes' : 'No' ?></td> </tr> <?php endforeach; ?> </tbody> </table> <?= $this->Paginator->counter() ?> <?= $this->Paginator->prev('« Previous') ?> <?= $this->Paginator->numbers() ?> <?= $this->Paginator->next('Next »') ?>

Pagination of multiple queries

Now, we want to display two paginated tables, one with the active users and the other with the inactive ones. // src/Controller/UsersController.php class UsersController extends AppController { protected array $paginate = [ 'Users' => [ 'scope' => 'active_users', 'limit' => 25, ], 'InactiveUsers' => [ 'scope' => 'inactive_users', 'limit' => 10, ], ]; public function index() { $activeUsers = $this->paginate( $this->Users->find()->where(['active' => true]), [scope: 'active_users'] ); // Load an additional table object with the custom alias set in the paginate property $inactiveUsersTable = $this->fetchTable('InactiveUsers', [ 'className' => \App\Model\Table\UsersTable::class, 'table' => 'users', 'entityClass' => 'App\Model\Entity\User', ]); $inactiveUsers = $this->paginate( $inactiveUsersTable->find()->where(['active' => false]), [scope: 'inactive_users'] ); $this->set(compact('users', 'inactiveUsers')); } } // templates/Users/index.php <?php // call `setPaginated` first with the results to be displayed next, so the paginator use the correct scope for the links $this->Paginator->setPaginated($users); ?> <h2><?= __('Active Users') ?>/h2> <table> <thead> <tr> <th><?= $this->Paginator->sort('name', __('Name')) ?></th> <th><?= $this->Paginator->sort('email', __('Email')) ?></th> <th><?= $this->Paginator->sort('active', __('Active')) ?></th> </tr> </thead> <tbody> <?php foreach ($users as $user): ?> <tr> <td><?= h($user->name) ?></td> <td><?= h($user->email) ?></td> <td><?= $user->active ? 'Yes' : 'No' ?></td> </tr> <?php endforeach; ?> </tbody> </table> <?= $this->Paginator->counter() ?> <?= $this->Paginator->prev('« Previous') ?> <?= $this->Paginator->numbers() ?> <?= $this->Paginator->next('Next »') ?> <?php // call `setPaginated` first with the results to be displayed next, so the paginator use the correct scope for the links $this->Paginator->setPaginated($inactiveUsers); ?> <h2><?= __('Inactive Users') ?>/h2> <table> <thead> <tr> <th><?= $this->Paginator->sort('name', __('Name')) ?></th> <th><?= $this->Paginator->sort('email', __('Email')) ?></th> <th><?= $this->Paginator->sort('active', __('Active')) ?></th> </tr> </thead> <tbody> <?php foreach ($inactiveUsers as $inactiveUser): ?> <tr> <td><?= h($inactiveUser->name) ?></td> <td><?= h($inactiveUser->email) ?></td> <td><?= $inactiveUser->active ? 'Yes' : 'No' ?></td> </tr> <?php endforeach; ?> </tbody> </table> <?= $this->Paginator->counter() ?> <?= $this->Paginator->prev('« Previous') ?> <?= $this->Paginator->numbers() ?> <?= $this->Paginator->next('Next »') ?> And with this you have two paginated tables in the same request.

Written by Rperez on December 23, 2025

422 Views

Clean DI in CakePHP 5.3: Say Goodbye to fetchTable()

This article is part of the CakeDC Advent Calendar 2025 (December 23rd, 2025)

Introduction: The Death of the "Hidden" Dependency

For years, accessing data in CakePHP meant "grabbing" it from the global state. Whether using TableRegistry::getTableLocator()->get() or the LocatorAwareTrait’s $this->fetchTable(), your classes reached out to a locator to find what they needed. While convenient, this created hidden dependencies. A class constructor might look empty, despite the class being secretly reliant on multiple database tables. This made unit testing cumbersome, forcing you to stub the global TableLocator just to inject a mock. CakePHP 5.3 changes the game with Inversion of Control. With the framework currently in its Release Candidate (RC) stage and a stable release expected soon, now is the perfect time to explore these architectural improvements. By using the new TableContainer as a delegate for your PSR-11 container, tables can now be automatically injected directly into your constructors. This shift to explicit dependencies makes your code cleaner, fully type-hinted, and ready for modern testing standards. The Old Way (Hidden Dependency): public function execute() { $users = $this->fetchTable('Users'); // Where did this come from? } The 5.3 Way (Explicit Dependency): public function __construct(protected UsersTable $users) {} public function execute() { $this->users->find(); // Explicit and testable. }

Enabling the Delegate

Open src/Application.php and update the services() method by delegating table resolution to the TableContainer. // src/Application.php use Cake\ORM\TableContainer; public function services(ContainerInterface $container): void { // Register the TableContainer as a delegate $container->delegate(new TableContainer()); }

How it works under the hood

When you type-hint a class ending in Table (e.g., UsersTable), the main PSR-11 container doesn't initially know how to instantiate it. Because you've registered a delegate, it passes the request to the TableContainer, which then:
  1. Validates: It verifies the class name and ensures it is a subclass of \Cake\ORM\Table.
  2. Locates: It uses the TableLocator to fetch the correct instance (handling all the usual CakePHP ORM configuration behind the scenes).
  3. Resolves: It returns the fully configured Table object back to the main container to be injected.
Note: The naming convention is strict. The TableContainer specifically looks for the Table suffix. If you have a custom class that extends the base Table class but is named UsersRepository, the delegate will skip it, and the container will fail to resolve the dependency.

Practical Example: Cleaner Services

Now, your domain services no longer need to know about the LocatorAwareTrait. They simply ask for what they need. namespace App\Service; use App\Model\Table\UsersTable; class UserManagerService { // No more TableRegistry::get() or $this->fetchTable() public function __construct( protected UsersTable $users ) {} public function activateUser(int $id): void { $user = $this->users->get($id); // ... logic } } Next, open src/Application.php and update the services() method by delegating table resolution to the TableContainer. // src/Application.php use App\Model\Table\UsersTable; use App\Service\UserManagerService; use Cake\ORM\TableContainer; public function services(ContainerInterface $container): void { // Register the TableContainer as a delegate $container->delegate(new TableContainer()); // Register your service with the table as constructor argument $container ->add(UserManagerService::class) ->addArgument(UsersTable::class); }

Why this is a game changer for Testing

Because the table is injected via the constructor, you can now swap it for a mock effortlessly in your test suite without touching the global state of the application. $mockUsers = $this->createMock(UsersTable::class); $service = new UserManagerService($mockUsers); // Pure injection!

Conclusion: Small Change, Big Impact

At first glance, adding a single line to your Application::services() method might seem like a minor update. However, TableContainer represents a significant shift in how we approach CakePHP architecture. By delegating table resolution to the container, we gain:
  • True Type-Safety: Your IDE and static analysis tools now recognize the exact Table class being used. This is a massive win for PHPStan users—no more "Call to an undefined method" errors or messy @var docblock workarounds just to prove to your CI that a method exists.
  • Zero-Effort Mocking: Testing a service no longer requires manipulating the global TableRegistry state. Simply pass a mock object into the constructor and move on.
  • Standardization: Your CakePHP code now aligns with modern PHP practices found in any PSR-compliant ecosystem, making your application more maintainable and easier for new developers to understand.
If you plan to upgrade to CakePHP 5.3 upon its release, this is one of the easiest wins for your codebase. It’s time to stop fetching your tables and start receiving them. This article is part of the CakeDC Advent Calendar 2025 (December 23rd, 2025)

Written by Arusinowski on December 23, 2025

We Bake with CakePHP