Modified the View cache and updated readme

README.md

@@ -1,6 +1,7 @@
 # SproutPHP — Minimalist, Batteries-Included PHP Framework
 
 ## 🌱 Why "Sprout"?
+
 SproutPHP is a **growing and budding framework**—a tiny sprout with the ambition to become a solid tree. It starts small, fast, and minimal, but is designed to evolve and grow with the needs of its community. The name "Sprout" reflects this progressive, ever-improving philosophy. If you want to be part of something that starts simple and grows strong, you’re in the right place!
 
 ## Philosophy
@@ -40,6 +41,7 @@ SproutPHP is for developers who know PHP, HTML, and CSS, and want to build fast,
 8. **Create models in** `app/Models/` for database access.
 
 ## Included by Default
+
 - **HTMX** for modern, interactive UIs (already loaded in your base template)
 - **PicoCSS** for beautiful, minimal styling (already loaded in your base template)
 - **Twig** for templating
@@ -68,49 +70,80 @@ class HomeController {
 ```
 
 ## Why Minimal?
+
 - **Faster response times**
 - **Lower memory usage**
 - **Easier to understand and debug**
 - **No vendor lock-in**
 - **You are in control**
 
 ## What This Framework Is NOT
+
 - Not a Laravel, Symfony, CodeIgniter, or Slim clone
 - Not a full-stack SPA framework
 - Not for those who want everything done for them
 
-## What’s Included
+## What's Included
+
 - Minimal MVC structure
 - Simple routing
 - Twig templating (optional to swap for PHP)
 - Essential CLI tools (scaffolding)
 - Custom error handling
-- Basic security helpers
+- **Centralized configuration system** with `config()` helper
+- **Enhanced security** with configurable XSS and CSP protection
 - **HTMX and PicoCSS pre-installed**
 
-## What’s NOT Included
+## What's NOT Included
+
 - No asset pipeline or `node_modules`
 - No heavy ORM (use Models for direct DB access)
 - No built-in authentication (add your own as needed)
 - No complex middleware (keep it simple)
 
+## Configuration System
+
+SproutPHP now includes a powerful configuration system:
+
+```php
+// Access configuration values
+$appName = config('app.name');
+$dbHost = config('database.connections.mysql.host');
+$xssEnabled = config('security.xss.enabled');
+```
+
+### Configuration Files
+
+- `config/app.php` - Application settings and global middleware
+- `config/database.php` - Database connections
+- `config/security.php` - Security settings (CSRF, XSS, CSP)
+- `config/view.php` - View engine settings
+- `config/cache.php` - Cache configuration
+- `config/mail.php` - Mail configuration
+
+See `CONFIGURATION.md` for complete documentation.
+
 ## Using HTMX and PicoCSS
+
 You do **not** need to install or include HTMX or PicoCSS yourself—they are already downloaded and loaded in your base template:
 
 ```html
-<link rel="stylesheet" href="{{ assets('css/sprout.min.css') }}">
+<link rel="stylesheet" href="{{ assets('css/sprout.min.css') }}" />
 <script src="{{ assets('js/sprout.min.js') }}"></script>
 ```
 
 ## CLI Reference
+
 Run `php sprout` for all available commands, including:
+
 - `grow` — Start local dev server
 - `make:controller`, `make:model`, `make:view`, `make:route`, `make:component`, `make:migration`, `migrate`, etc.
 - `env` — Set environment
 - `logs` — View error logs
 - `info` — Show framework info
 
 ## 🌿 Contributing & Future Growth
+
 SproutPHP is a living, growing project—just like its name! Contributions, ideas, and feedback are welcome. Here’s how you can help this sprout grow:
 
 1. **Fork the repo and clone it locally**
@@ -121,9 +154,11 @@ SproutPHP is a living, growing project—just like its name! Contributions, idea
 
 **Star this repo** to show your support and follow future updates!
 
-**Sponsor development:** [buymeacoffee.com/yanikkumar](https://buymeacoffee.com/yanikkumar)
+**Sponsor development:** [![Sponsor](https://img.shields.io/badge/Sponsor%20Creator-%E2%9D%A4%EF%B8%8F-pink?logo=github-sponsors&style=flat-square)](https://github.com/sponsors/yanikkumar)
+
 
 > SproutPHP will continue to grow with new features, improvements, and community input. Stay tuned for updates, and help shape the future of this framework!
 
 ## License
-MIT 
+
+MIT

RELEASE_NOTES.md

@@ -0,0 +1,154 @@
+# SproutPHP v0.1.4-alpha.1 Release Notes
+
+## 🎉 New Features
+
+### Configuration System
+- **Centralized Configuration**: New `config/` directory with organized configuration files
+- **Config Helper**: New `config()` helper function for easy access to configuration values
+- **Environment-Based Settings**: Automatic configuration based on environment (local/production)
+- **Multiple Config Files**: Separate config files for app, database, security, view, cache, and mail
+
+### Enhanced Security
+- **Configurable XSS Protection**: Can be enabled/disabled and mode configured
+- **Configurable Content Security Policy**: Environment-based CSP policies
+- **Improved CSRF Protection**: Better token handling and validation
+- **Security Configuration**: All security settings now configurable via config files
+
+### Framework Improvements
+- **Database Configuration**: Support for multiple database connections
+- **View Configuration**: Configurable Twig settings
+- **Error Handling**: Environment-aware error handling
+- **Middleware System**: Global middleware configuration
+- **CLI Enhancements**: Better error handling and validation
+
+## 🔧 Technical Improvements
+
+### Configuration Files
+- `config/app.php` - Application settings, framework info, global middleware
+- `config/database.php` - Database connections (MySQL, SQLite, PostgreSQL)
+- `config/security.php` - Security settings (CSRF, XSS, CSP, CORS)
+- `config/view.php` - View engine settings (Twig configuration)
+- `config/cache.php` - Cache configuration
+- `config/mail.php` - Mail configuration
+
+### Updated Components
+- **Database Layer**: Now uses `config('database.*')` instead of direct env calls
+- **View Engine**: Twig settings from `config('view.*')`
+- **Error Handler**: Uses `config('app.debug')` and `config('app.env')`
+- **Middleware**: Global middleware loaded from `config('app.global_middleware')`
+- **Templates**: Using `config('app.name')` and `config('app.env')`
+
+### New Helper Functions
+- `config($key, $default = null)` - Access configuration values
+- Enhanced error handling and validation in middleware system
+
+## 🚀 Breaking Changes
+
+### Configuration Access
+- Replace direct `env()` calls with `config()` helper where appropriate
+- Update any hardcoded values to use configuration system
+
+### Middleware Configuration
+- Global middleware now configured in `config/app.php`
+- Middleware classes must implement `MiddlewareInterface`
+
+## 📚 Documentation
+
+### New Files
+- `CONFIGURATION.md` - Comprehensive configuration guide
+- `RELEASE_NOTES.md` - This file
+
+### Updated Documentation
+- Enhanced README with configuration examples
+- Better CLI documentation
+
+## 🧪 Testing
+
+### New Test Routes
+- `/config-test` - Shows configuration values
+- `/debug-config` - Shows debug information
+- `/security-test` - Tests security configuration
+
+## 🔒 Security Features
+
+### XSS Protection
+- Configurable XSS protection headers
+- Environment-based CSP policies
+- Development: Relaxed policy allowing inline styles and external images
+- Production: Strict policy blocking unsafe directives
+
+### CSRF Protection
+- Automatic token generation and validation
+- Configurable token settings
+- Protection for all state-changing requests
+
+## 📦 Installation
+
+```bash
+# Clone the repository
+git clone https://github.com/SproutPHP/framework.git
+
+# Install dependencies
+composer install
+
+# Start development server
+php sprout grow
+```
+
+## 🎯 Migration Guide
+
+### From v0.1.3-alpha.1
+
+1. **Update Configuration Access**:
+   ```php
+   // Old way
+   $debug = env('APP_DEBUG', true);
+
+   // New way
+   $debug = config('app.debug', true);
+   ```
+
+2. **Update Database Configuration**:
+   ```php
+   // Old way
+   $host = env('DB_HOST', 'localhost');
+
+   // New way
+   $host = config('database.connections.mysql.host');
+   ```
+
+3. **Update Security Settings**:
+   ```php
+   // Old way
+   $xssEnabled = env('XSS_PROTECTION', true);
+
+   // New way
+   $xssEnabled = config('security.xss.enabled', true);
+   ```
+
+## 🐛 Bug Fixes
+
+- Fixed middleware instantiation issues
+- Improved error handling in configuration loading
+- Better validation of middleware classes
+- Fixed CSP header conflicts in development mode
+
+## 🔮 Future Roadmap
+
+- Authentication system
+- Validation library
+- Testing framework integration
+- API response helpers
+- Asset management system
+- Deployment tools
+
+## 📄 License
+
+MIT License - see LICENSE file for details
+
+---
+
+**Release Date**: December 2024  
+**Framework Version**: v0.1.4-alpha.1  
+**PHP Version**: 8.1+  
+**Composer**: 2.0+ 

core/View/View.php

@@ -17,8 +17,19 @@ public static function init()
         $loader = new FilesystemLoader($viewsPath);
 
         $twigConfig = config('view.twig', []);
+
+        // Configure cache properly
+        $cachePath = false; // Default to no cache
+        if ($twigConfig['cache'] && $twigConfig['cache'] !== false) {
+            // If cache is enabled, use a proper cache directory
+            $cachePath = __DIR__ . '/../../storage/twig-cache';
+            if (!is_dir($cachePath)) {
+                mkdir($cachePath, 0777, true);
+            }
+        }
+
         self::$twig = new Environment($loader, [
-            'cache' => $twigConfig['cache'] ?? false,
+            'cache' => $cachePath,
             'debug' => $twigConfig['debug'] ?? true,
             'auto_reload' => $twigConfig['auto_reload'] ?? true,
             'strict_variables' => $twigConfig['strict_variables'] ?? false,