Freek.dev

Mattias open sourced a small Caddy module that caches get_certificate HTTP lookups, avoiding a backend fetch on every TLS handshake. A nice write-up on the problem, the design, and the trade-offs.

Read more [ma.ttias.be]

A good write-up on the ghost domain problem in DNS: domains removed from a registry can still appear healthy to uptime checkers because recursive resolvers keep stale delegations warm. The Oh Dear team explains the edge case and how they're tightening their resolver setup to reduce that blind spot.

Read more [ohdear.app]

A practical take on multi-agent setups in Laravel: another agent only earns its place when it needs its own model, tools, or instructions. Good piece on delegation tradeoffs, context handoff, and how to test routing before it becomes an expensive latency tax.

Read more [mujahidabbas.dev]

Michael Dyrynda explains a subtle Laravel gotcha: #[RouteParameter] only reads the current route parameter value, it does not perform implicit model binding. Good reminder that the controller signature still matters when you expect a bound model inside a form request.

Read more [dyrynda.com.au]

You can't out-prompt an attacker — to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server-side, middleware that screens and logs, output handled as untrusted input, a human in front of anything irreversible, and a fake-free test that fails CI the moment someone drops the auth scope.

Read more [mujahidabbas.dev]

Matthias writes that AI has shifted more of software development from typing to thinking, reviewing, and iterating. Nice reflection on how agentic coding, parallel worktrees, and voice dictation can slow individual features down while still increasing overall output.

Read more [ma.ttias.be]

Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.

Read more [flareapp.io]

Your Agent::fake() tests prove your Laravel AI feature runs — not that its output is any good. This evals a real ticket classifier with the AI SDK: a golden dataset for the fields you can check, an LLM-as-judge for the free text you can't, and a regression gate that catches a bad prompt before your customers do.

Read more [mujahidabbas.dev]

We built deep Livewire support into Flare, making component hierarchies, lifecycle phases, method calls, and related queries visible inside traces. It looks like a solid step forward for understanding where Livewire apps spend time and where things go wrong.

Read more [flareapp.io]

We shipped a Svelte 5 integration for Flare with an error boundary, component hierarchy reporting, and lifecycle-aware context. Looks especially useful for seeing which component broke, and where the error came from.

Read more [flareapp.io]

We shipped dedicated webpack and Next.js plugins for Flare that upload sourcemaps after each production build. Nice update, especially the Next.js wrapper that handles source map generation and cleanup for you.

Read more [flareapp.io]

Steve King explains why Tempest feels so nice for API work: typed request objects, declarative validation, route discovery, and a low-ceremony action flow. It is a good look at how the framework removes boilerplate without giving up clarity.

Read more [www.juststeveking.com]

Daniel Petrica tells the story of how an unpatched Livewire vulnerability on a forgotten side project exposed Mailcoach API keys and led to 50,000 spam emails being sent. It is a useful reminder to keep dormant apps updated, and a good real-world example of how Docker can limit the blast radius when something goes wrong.

Read more [danielpetrica.com]

Michael Dyrynda shows how PHP 8.4 property hooks can replace simple computed getter methods with virtual properties. He makes the case for using them when you want a clean, property-based API for derived values.

Read more [dyrynda.com.au]

Michael Dyrynda shows how Laravel's distinct validation rule can protect nested request payloads from duplicate reference values before they corrupt relationship mapping. He also highlights the strict and ignore_case options for cases where loose comparison is not enough.

Read more [dyrynda.com.au]

Every shares how its team uses AI agents in a compounding loop of planning, working, assessing, and feeding lessons back into the system. The big idea: each feature should make the next one easier to build because the agents keep learning the codebase.

Read more [every.to]

An inside look at the stack powering There There: Laravel, Inertia, React, TypeScript, Horizon, Reverb, and a bunch of Spatie packages and services. A nice overview of the pragmatic tooling choices behind the product.

Read more [there-there.app]

Yoeri shows how to automatically open a pull request when a new PHP security advisory appears. Nice little workflow that combines Laravel Health, Oh Dear, and GitHub Actions to keep apps patched quickly.

Read more [yoeri.me]

A fun look at making coding assistants talk less, and what that actually saves in practice. The main takeaway is that shorter replies help, but most token cost still comes from the actual work: reading, reasoning, coding, and checking.

Read more [spatie.be]

Composer and Packagist share a solid overview of the supply chain security work already in place, what is shipping now, and what is coming next. Worth reading if you maintain PHP packages or care about how the ecosystem is hardening against package compromise.

Read more [blog.packagist.com]