Schedule

With coding agents moving from the IDE to the terminal, TUIs are having a renaissance. This session introduces the new Symfony Terminal Component, a TUI toolkit built from the ground up in PHP. We'll explore its architecture, the primitives it exposes, and how it makes building rich, interactive terminal interfaces possible in Symfony applications. Don't miss the pull request opening on stage!

AI coding assistants have a blind spot. They can read your codebase, but they cannot run your application or open the Symfony Profiler. As a result, they often reconstruct your project file by file on every task, with all the latency and inaccuracy that implies.

Symfony Mate solves this. It is an MCP server that exposes a curated, deterministic view of your running Symfony application (container, services, profiler, logs) to any MCP-aware client like Claude Code, Codex, or Cursor.

In this talk, we'll see Mate find a textbook N+1 Doctrine bug in seconds, where the agent would have taken several minutes. We'll then cover the architecture: the isolated DI container that keeps working when the target app's container is broken, the Composer-plugin extension model, redaction of secrets, and the Codex wrapper for clients with stubborn config.

The principle behind Mate: don't give AI more context, give it better context.

AI is everywhere, but how do we bring it into PHP in a realistic, maintainable way? The Symfony AI initiative is the framework community's answer. Adopted by Symfony Core in mid-2025, it now ships three components, around 35 model bridges, and 24 vector store integrations.

In this talk, we'll tour the Platform component and its uniform `invoke()` API across providers like OpenAI, Anthropic, Gemini, and Ollama, with streaming, multimodal input, and structured output mapped to typed PHP classes. We'll then look at the Agent component: `#[AsTool]` attributes, Validator constraints on tool arguments, multi-agent orchestration, and human-in-the-loop. Finally, we'll explore the Store component for RAG, with vector queries visible directly in the Symfony Profiler.

Live demos will include a Wikipedia tool that fixes a hallucinating LLM, a vision model called from a webcam frame, and a glimpse at the v1 roadmap.

AI assistants speed up coding, but their output is non-deterministic and needs hard guardrails. The most reliable enforcement layer is the one your tooling applies on every run: custom PHPStan rules.

In this talk, we'll start with a coding workflow built around plan mode, voice input, and self-correcting test loops. We'll then reframe the testing pyramid for the AI era: deterministic checks first, AI-driven review with `AGENTS.md` and skills second, human review last.

The bulk of the session covers PHPStan internals: how `nikic/php-parser` turns code into an AST, how to inspect nodes with the Rector playground, and how to implement the `Rule` interface. Two worked examples anchor the talk: banning `extends ServiceEntityRepository`, and enforcing kebab-case in `#[Route]` paths whether the argument is positional or named.

By the end, you'll be ready to write your own rules and turn one-off AI corrections into team-wide invariants.

Your users don't want another form to fill out, they want to speak with your agent, the way they already talk to their friends.

In this talk we'll take an agent and give it a voice, the Symfony AI way: one agent, the code you already have, and a thin wrapper that lets it listen and speak. Along the way we confront the awkward parts: latency, cost per minute, debugging, failover, and the moment your error messages become spoken, all of it without leaving Symfony.

You'll walk away with the mental model, the code and a checklist to ship voice to real users without friction.

Hackers are already using Large Language Models to map your attack surface, it’s time you used them to defend it.

While we’ve spent years trying to write the perfect regex or rule-set to catch bugs, LLMs have unlocked a terrifyingly effective ability to understand the intent and context of our Symfony and PHP code.

This session dives into the practical reality of using AI as an autonomous security researcher to uncover deep-seated vulnerabilities in Symfony applications that traditional tools simply cannot see.

We will explore how to architect a high-speed security pipeline that feeds your codebase to an LLM to detect broken access control, complex injection paths, and logic flaws in real-time.

You’ll walk away with a battle-tested strategy to weaponize AI against your own technical debt, turning the most unpredictable technology of our time into your most meticulous security auditor.

Large language models are frozen at training time. They don't know your users, your inventory, or anything that happened last week. The Model Context Protocol (MCP) is the open specification that lets AI clients like Claude, ChatGPT, or JetBrains AI discover and call your application's tools, resources, and prompts to fill in the missing context.

In this talk, we'll introduce MCP from the wire up: JSON-RPC 2.0, the `initialize` handshake, the stdio and HTTP transports, and the three primitives (prompts, resources, tools). We'll then walk through the new official PHP `mcp-sdk`, co-built by the Symfony AI initiative, Anthropic, and the PHP Foundation. A `ServerBuilder` plus a `#[McpTool]` attribute on a plain class is enough to expose a tool.

For Symfony users, the bundle integration is the payoff: secure your MCP route with `security.yaml`, inject `Security` to read the authenticated user from inside a tool, and skip OAuth 2.1 when you control the client. A live debug session with Anthropic's MCP Inspector closes the loop.

State-based persistence keeps the current row and forgets the history that produced it. Event streaming inverts that: append immutable, past-tense events, and let any number of consumers replay or react to them. Symfony Messenger provides most of the plumbing out of the box, if you wire it the right way.

In this talk, we'll build a working event-driven order pipeline on Messenger and RabbitMQ. We'll cover the fundamentals: immutability, ordering, snapshots, idempotency, and compensating events for refunds. We'll then dive into Symfony specifics: per-consumer routing with `#[AsMessageHandler(fromTransport: '...')]`, one exchange shared by publishers and consumers with `auto_setup: false`, and the Envelope mechanism that prevents an infinite re-dispatch loop on the worker side.

Production lessons close the session: dead letters, retry strategies, Supervisor process counts, and why you should drop the PHP serializer from day one.

Tired of fighting with Git? Jujutsu (`jj`) is a next-generation version control system that fixes many of Git’s pain points, all without forcing your team to switch tools. You can use it right inside any existing Git repository.

This session will introduce you to `jj` and show how it makes everyday version control tasks dramatically simpler; from changing commits to resolving conflicts and undoing mistakes.

If you’ve ever wished Git were easier, more intuitive, and just a little more human, this talk will show you the future of version control — and how to start using it today.

What if your Symfony application could power both the web and native mobile apps, without rewriting everything in Swift, Kotlin, or React Native?
In this talk, we’ll see how Symfony, combined with Hotwire Native, enables a write-once, ship-everywhere approach. Starting from a classic Symfony web application, we’ll show how to reuse the same backend, views, and business logic to deliver native iOS and Android apps that are performant and maintainable.
We’ll cover in particular:
• The architecture of Hotwire Native and its integration with Symfony
• Sharing code between web and mobile
• Concrete use cases (QR code, NFC, document scanning)
• Trade-offs compared to 100% native or React Native approaches
This talk is aimed at Symfony developers, CTOs, and tech leads who want to launch mobile applications faster, reduce maintenance costs, and keep a simple stack without sacrificing user experience.
A small note since you’ll be presenting in English: “write once, ship everywhere” is already an English idiom in the original — you can keep it as-is. Want me to also help you adapt this into a punchier opening line or speaker intro?

Storing your users email addresses, dates of birth, or Social Security numbers in plain text poses a major risk in the event of a database breach. With robust application-side encryption, you can make the data unreadable by the database. However, this makes it impossible to run a query like `WHERE email = :value`. How can you secure your sensitive data without sacrificing essential business functionality?

We’ll explore how to implement client-side field-level encryption with Doctrine and a key management system. The algorithms to use, key management, and key rotation: learn how to turn your database into a vault without losing your ability to query it.

Structuring an application around its domain rather than its framework is an old idea. Making it practical has sometimes felt like swimming against the current.

Thanks to the way Symfony 8 leverages modern PHP, this drastically changes. Recent evolutions in both the language and the framework align naturally with hexagonal thinking and tactical DDD patterns — no workarounds, no fighting the tools.

Join me as I wear both my Core Team member and DDD practitioner hats to give a pragmatic look at putting your business logic first, building applications that scale with your domain's complexity and remain maintainable as they grow, with Symfony's blessing.

PHP was long designed as a strictly stateless language: one request, one process, and then everything starts over.

FrankenPHP fundamentally changes this model by allowing long-running PHP workers to run directly within a Symfony application. Not to turn Symfony into a Node-style server, but to give it capabilities it has never had before.

In this talk, I introduce a new pattern: application sidekicks. These are specialized PHP workers, outside the HTTP lifecycle, that listen to their environment and reconfigure the application in real time; without polling, without approximate TTLs, and without redeployments.

Through concrete use cases (Redis Sentinel discovery, dynamic feature flags, etc.), we’ll see how to evolve an existing Symfony application while staying true to its principles.

The goal: to show that PHP can listen, react, and adapt in real time, without sacrificing its simplicity nor its traditional robustness.