webonyx · shmax · Jul 11, 2025 · Jul 11, 2025 · Jul 11, 2025 · Jul 11, 2025
diff --git a/composer.json b/composer.json
@@ -28,9 +28,11 @@
     "phpstan/phpstan-strict-rules": "2.0.4",
     "phpunit/phpunit": "^9.5 || ^10.5.21 || ^11",
     "psr/http-message": "^1 || ^2",
+    "psr/simple-cache": "^1.0",
     "react/http": "^1.6",
     "react/promise": "^2.0 || ^3.0",
     "rector/rector": "^2.0",
+    "symfony/cache": "^5.4",
     "symfony/polyfill-php81": "^1.23",
     "symfony/var-exporter": "^5 || ^6 || ^7",
     "thecodingmachine/safe": "^1.3 || ^2 || ^3"

diff --git a/docs/class-reference.md b/docs/class-reference.md
@@ -70,7 +70,8 @@ static function executeQuery(
     ?array $variableValues = null,
     ?string $operationName = null,
     ?callable $fieldResolver = null,
-    ?array $validationRules = null
+    ?array $validationRules = null,
+    ?GraphQL\Validator\ValidationCache $cache = null
 ): GraphQL\Executor\ExecutionResult
 ```
 
@@ -98,7 +99,8 @@ static function promiseToExecute(
     ?array $variableValues = null,
     ?string $operationName = null,
     ?callable $fieldResolver = null,
-    ?array $validationRules = null
+    ?array $validationRules = null,
+    ?GraphQL\Validator\ValidationCache $cache = null
 ): GraphQL\Executor\Promise\Promise
 ```
 
@@ -1811,7 +1813,8 @@ static function validate(
     GraphQL\Type\Schema $schema,
     GraphQL\Language\AST\DocumentNode $ast,
     ?array $rules = null,
-    ?GraphQL\Utils\TypeInfo $typeInfo = null
+    ?GraphQL\Utils\TypeInfo $typeInfo = null,
+    ?GraphQL\Validator\ValidationCache $cache = null
 ): array
 ```
 

diff --git a/docs/executing-queries.md b/docs/executing-queries.md
@@ -210,3 +210,135 @@ $server = new StandardServer([
     'validationRules' => $myValidationRules
 ]);
 ```
+
+## Validation Caching
+
+Validation is a required step in GraphQL execution, but it can become a performance bottleneck.
+In production environments, queries are often static or pre-generated (e.g. persisted queries or queries emitted by client libraries).
+This means that many queries will be identical and their validation results can be reused.
+
+To optimize for this, `graphql-php` allows skipping validation for known valid queries.
+Leverage pluggable validation caching by passing an implementation of the `GraphQL\Validator\ValidationCache` interface to `GraphQL::executeQuery()`:
+
+```php
+use GraphQL\Validator\ValidationCache;
+use GraphQL\GraphQL;
+
+$validationCache = new MyPsrValidationCacheAdapter();
+
+$result = GraphQL::executeQuery(
+    $schema,
+    $queryString,
+    $rootValue,
+    $context,
+    $variableValues,
+    $operationName,
+    $fieldResolver,
+    $validationRules,
+    $validationCache
+);
+```
+
+### Key Generation Tips
+
+You are responsible for generating cache keys that are unique and dependent on the following inputs:
+
+- the client-given query
+- the current schema
+- the passed validation rules and their implementation
+- the implementation of `graphql-php`
+
+Here are some tips:
+
+- Using `serialize()` directly on the schema object may error due to closures or circular references.
+  Instead, use `GraphQL\Utils\SchemaPrinter::doPrint($schema)` to get a stable string representation of the schema.
+- If using custom validation rules, be sure to account for them in your key (e.g., by serializing or listing their class names and versioning them).
+- Include the version number of the `webonyx/graphql-php` package to account for implementation changes in the library.
+- Use a stable hash function like `md5()` or `sha256()` to generate the key from the schema, AST, and rules.
+- Improve performance even further by hashing inputs known before deploying such as the schema or the installed package version.
+  You may store the hash in an environment variable or a constant to avoid recalculating it on every request.
+
+### Sample Implementation
+
+```php
+use GraphQL\Validator\ValidationCache;
+use GraphQL\Language\AST\DocumentNode;
+use GraphQL\Type\Schema;
+use GraphQL\Utils\SchemaPrinter;
+use Psr\SimpleCache\CacheInterface;
+use Composer\InstalledVersions;
+
+/**
+ * Reference implementation of ValidationCache using PSR-16 cache.
+ *
+ * @see GraphQl\Tests\PsrValidationCacheAdapter
+ */
+class MyPsrValidationCacheAdapter implements ValidationCache
+{
+    private CacheInterface $cache;
+
+    private int $ttlSeconds;
+
+    public function __construct(
+        CacheInterface $cache,
+        int $ttlSeconds = 300
+    ) {
+        $this->cache = $cache;
+        $this->ttlSeconds = $ttlSeconds;
+    }
+
+    public function isValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): bool
+    {
+        $key = $this->buildKey($schema, $ast);
+        return $this->cache->has($key);
+    }
+
+    public function markValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): void
+    {
+        $key = $this->buildKey($schema, $ast);
+        $this->cache->set($key, true, $this->ttlSeconds);
+    }
+
+    private function buildKey(Schema $schema, DocumentNode $ast, ?array $rules = null): string
+    {
+        // Include package version to account for implementation changes
+        $libraryVersion = \Composer\InstalledVersions::getVersion('webonyx/graphql-php')
+            ?? throw new \RuntimeException('webonyx/graphql-php version not found. Ensure the package is installed.');
+
+        // Use a stable hash for the schema
+        $schemaHash = md5(SchemaPrinter::doPrint($schema));
+
+        // Serialize AST and rules — both are predictable and safe in this context
+        $astHash = md5(serialize($ast));
+        $rulesHash = md5(serialize($rules));
+
+        return "graphql_validation_{$libraryVersion}_{$schemaHash}_{$astHash}_{$rulesHash}";
+    }
+}
+```
+
+An optimized version of `buildKey` might leverage a key prefix for inputs known before deployment.
+For example, you may run the following once during deployment and save the output in an environment variable `GRAPHQL_VALIDATION_KEY_PREFIX`:
+
+```php
+$libraryVersion = \Composer\InstalledVersions::getVersion('webonyx/graphql-php')
+    ?? throw new \RuntimeException('webonyx/graphql-php version not found. Ensure the package is installed.');
+
+$schemaHash = md5(SchemaPrinter::doPrint($schema));
+
+echo "{$libraryVersion}_{$schemaHash}";
+```
+
+Then use the environment variable in your key generation:
+
+```php
+    private function buildKey(Schema $schema, DocumentNode $ast, ?array $rules = null): string
+    {
+        $keyPrefix = getenv('GRAPHQL_VALIDATION_KEY_PREFIX')
+            ?? throw new \RuntimeException('Environment variable GRAPHQL_VALIDATION_KEY_PREFIX is not set.');
+        $astHash = md5(serialize($ast));
+        $rulesHash = md5(serialize($rules));
+
+        return "graphql_validation_{$keyPrefix}_{$astHash}_{$rulesHash}";
+    }
+```
diff --git a/src/GraphQL.php b/src/GraphQL.php
@@ -19,6 +19,7 @@
 use GraphQL\Validator\DocumentValidator;
 use GraphQL\Validator\Rules\QueryComplexity;
 use GraphQL\Validator\Rules\ValidationRule;
+use GraphQL\Validator\ValidationCache;
 
 /**
  * This is the primary facade for fulfilling GraphQL operations.
@@ -90,7 +91,8 @@ public static function executeQuery(
         ?array $variableValues = null,
         ?string $operationName = null,
         ?callable $fieldResolver = null,
-        ?array $validationRules = null
+        ?array $validationRules = null,
+        ?ValidationCache $cache = null
     ): ExecutionResult {
         $promiseAdapter = new SyncPromiseAdapter();
 
@@ -103,7 +105,8 @@ public static function executeQuery(
             $variableValues,
             $operationName,
             $fieldResolver,
-            $validationRules
+            $validationRules,
+            $cache
         );
 
         return $promiseAdapter->wait($promise);
@@ -132,7 +135,8 @@ public static function promiseToExecute(
         ?array $variableValues = null,
         ?string $operationName = null,
         ?callable $fieldResolver = null,
-        ?array $validationRules = null
+        ?array $validationRules = null,
+        ?ValidationCache $cache = null
     ): Promise {
         try {
             $documentNode = $source instanceof DocumentNode
@@ -152,7 +156,7 @@ public static function promiseToExecute(
                 }
             }
 
-            $validationErrors = DocumentValidator::validate($schema, $documentNode, $validationRules);
+            $validationErrors = DocumentValidator::validate($schema, $documentNode, $validationRules, null, $cache);
 
             if ($validationErrors !== []) {
                 return $promiseAdapter->createFulfilled(

diff --git a/src/Server/ServerConfig.php b/src/Server/ServerConfig.php
@@ -124,7 +124,7 @@ public static function create(array $config = []): self
     private bool $queryBatching = false;
 
     /**
-     * @var array<ValidationRule>|callable|null
+     * @var array|callable|null
      *
      * @phpstan-var ValidationRulesOption
      */
@@ -315,7 +315,7 @@ public function getPromiseAdapter(): ?PromiseAdapter
     }
 
     /**
-     * @return array<ValidationRule>|callable|null
+     * @return array|callable|null
      *
      * @phpstan-return ValidationRulesOption
      */

diff --git a/src/Validator/DocumentValidator.php b/src/Validator/DocumentValidator.php
@@ -99,20 +99,25 @@ public static function validate(
         Schema $schema,
         DocumentNode $ast,
         ?array $rules = null,
-        ?TypeInfo $typeInfo = null
+        ?TypeInfo $typeInfo = null,
+        ?ValidationCache $cache = null
     ): array {
-        $rules ??= static::allRules();
+        if (isset($cache)) {
+            if ($cache->isValidated($schema, $ast, $rules)) {
+                return [];
+            }
+        }
 
-        if ($rules === []) {
+        $finalRules = $rules ?? static::allRules();
+        if ($finalRules === []) {
             return [];
         }
 
         $typeInfo ??= new TypeInfo($schema);
-
         $context = new QueryValidationContext($schema, $ast, $typeInfo);
 
         $visitors = [];
-        foreach ($rules as $rule) {
+        foreach ($finalRules as $rule) {
             $visitors[] = $rule->getVisitor($context);
         }
 
@@ -124,7 +129,13 @@ public static function validate(
             )
         );
 
-        return $context->getErrors();
+        $errors = $context->getErrors();
+
+        if (isset($cache) && $errors === []) {
+            $cache->markValidated($schema, $ast, $rules);
+        }
+
+        return $errors;
     }
 
     /**
@@ -273,7 +284,6 @@ public static function validateSDL(
         ?array $rules = null
     ): array {
         $rules ??= self::sdlRules();
-
         if ($rules === []) {
             return [];
         }

diff --git a/src/Validator/ValidationCache.php b/src/Validator/ValidationCache.php
@@ -0,0 +1,46 @@
+<?php declare(strict_types=1);
+
+namespace GraphQL\Validator;
+
+use GraphQL\Language\AST\DocumentNode;
+use GraphQL\Type\Schema;
+use GraphQL\Validator\Rules\ValidationRule;
+
+/**
+ * Implement this interface and pass an instance to GraphQL::executeQuery to enable caching of successful query validations.
+ *
+ * This can improve performance by skipping validation for known-good combinations of query, schema, and rules.
+ * You are responsible for defining how cache keys are computed.
+ *
+ * Some things to keep in mind when generating keys:
+ * - PHP's `serialize()` function is fast, but can't handle certain structures such as closures.
+ * - If your `$schema` includes closures or is too large or complex to serialize,
+ *   consider using a build-time version number or environment-based fingerprint instead.
+ * - Keep in mind that there are internal `$rules` that are applied in addition to any you pass in,
+ *   and it's possible these may shift or expand as the library evolves,
+ *   so it might make sense to include the library version number in your keys.
+ */
+interface ValidationCache
+{
+    /**
+     * Determine whether the given schema/AST/rules set has already been successfully validated.
+     *
+     * This method should return true if the query has previously passed validation for the provided schema.
+     * Only successful validations should be considered "cached" — failed validations are not cached.
+     *
+     * @param array<ValidationRule>|null $rules
+     *
+     * @return bool true if validation for the given schema + AST + rules is already known to be valid; false otherwise
+     */
+    public function isValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): bool;
+
+    /**
+     * @param array<ValidationRule>|null $rules
+     *
+     * Mark the given schema/AST/rules set as successfully validated.
+     *
+     * This is typically called after a query passes validation.
+     * You should store enough information to recognize this combination on future requests.
+     */
+    public function markValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): void;
+}
diff --git a/tests/Executor/TestClasses/SpyValidationCacheAdapter.php b/tests/Executor/TestClasses/SpyValidationCacheAdapter.php
@@ -0,0 +1,28 @@
+<?php declare(strict_types=1);
+
+namespace GraphQL\Tests\Executor\TestClasses;
+
+use GraphQL\Language\AST\DocumentNode;
+use GraphQL\Tests\PsrValidationCacheAdapter;
+use GraphQL\Type\Schema;
+
+final class SpyValidationCacheAdapter extends PsrValidationCacheAdapter
+{
+    public int $isValidatedCalls = 0;
+
+    public int $markValidatedCalls = 0;
+
+    public function isValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): bool
+    {
+        ++$this->isValidatedCalls;
+
+        return parent::isValidated($schema, $ast);
+    }
+
+    public function markValidated(Schema $schema, DocumentNode $ast, ?array $rules = null): void
+    {
+        ++$this->markValidatedCalls;
+
+        parent::markValidated($schema, $ast);
+    }
+}