freek.dev - all blogposts

How PHP Attributes Changed the Way I Write Livewire

2026-06-17T12:30:28+02:00

Bert De Swaef shows how PHP attributes made his Livewire components easier to read by attaching validation, URL sync, and event listeners directly to the properties and methods they belong to. Nice piece on how attributes reduce mental overhead, improve IDE support, and make components feel more self-documenting.

Rust Tutorial For PHP and JavaScript Developers

2026-06-16T14:55:29+02:00

Caching get_certificate lookups in Caddy

2026-06-15T14:30:29+02:00

Mattias open sourced a small Caddy module that caches get_certificate HTTP lookups, avoiding a backend fetch on every TLS handshake. A nice write-up on the problem, the design, and the trade-offs.

The ghost domain problem in DNS, and what we're doing about it

2026-06-14T14:30:34+02:00

A good write-up on the ghost domain problem in DNS: domains removed from a registry can still appear healthy to uptime checkers because recursive resolvers keep stale delegations warm. The Oh Dear team explains the edge case and how they're tightening their resolver setup to reduce that blind spot.

Multi-Agent Orchestration in Laravel: When You Actually Need It

2026-06-13T14:30:26+02:00

A practical take on multi-agent setups in Laravel: another agent only earns its place when it needs its own model, tools, or instructions. Good piece on delegation tradeoffs, context handoff, and how to test routing before it becomes an expensive latency tax.

#[RouteParameter] Does Not Bind Your Model

2026-06-12T14:30:26+02:00

Michael Dyrynda explains a subtle Laravel gotcha: #[RouteParameter] only reads the current route parameter value, it does not perform implicit model binding. Good reminder that the controller signature still matters when you expect a bound model inside a form request.

Prompt-Injection Guardrails in Laravel: Defend the Tools, Not the Prompt

2026-06-11T14:10:30+02:00

You can't out-prompt an attacker — to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server-side, middleware that screens and logs, output handled as untrusted input, a human in front of anything irreversible, and a fake-free test that fails CI the moment someone drops the auth scope.

More time to think

2026-06-10T14:30:29+02:00

Matthias writes that AI has shifted more of software development from typing to thinking, reviewing, and iterating. Nice reflection on how agentic coding, parallel worktrees, and voice dictation can slow individual features down while still increasing overall output.

Logging is here!

2026-06-09T14:30:28+02:00

Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.

Evals in Laravel: How to Prove Your AI Output Is Actually Good

2026-06-08T14:26:26+02:00

Your Agent::fake() tests prove your Laravel AI feature runs — not that its output is any good. This evals a real ticket classifier with the AI SDK: a golden dataset for the fields you can check, an LLM-as-judge for the free text you can't, and a regression gate that catches a bad prompt before your customers do.

Flare ❤️ Livewire

2026-06-06T14:30:04+02:00

We built deep Livewire support into Flare, making component hierarchies, lifecycle phases, method calls, and related queries visible inside traces. It looks like a solid step forward for understanding where Livewire apps spend time and where things go wrong.

Svelte support for Flare is here!

2026-06-05T14:30:05+02:00

We shipped a Svelte 5 integration for Flare with an error boundary, component hierarchy reporting, and lifecycle-aware context. Looks especially useful for seeing which component broke, and where the error came from.

New Webpack and Next.js plugins for Flare

2026-06-04T14:30:04+02:00

We shipped dedicated webpack and Next.js plugins for Flare that upload sourcemaps after each production build. Nice update, especially the Next.js wrapper that handles source map generation and cleanup for you.

The Reason I Love Tempest for APIs

2026-06-03T14:30:27+02:00

Steve King explains why Tempest feels so nice for API work: typed request objects, declarative validation, route discovery, and a low-ceremony action flow. It is a good look at how the framework removes boilerplate without giving up clarity.

Forgot to Update Livewire. Got Hacked

2026-06-02T14:30:29+02:00

Daniel Petrica tells the story of how an unpatched Livewire vulnerability on a forgotten side project exposed Mailcoach API keys and led to 50,000 spam emails being sent. It is a useful reminder to keep dormant apps updated, and a good real-world example of how Docker can limit the blast radius when something goes wrong.

Using property hooks in PHP

2026-06-01T14:30:31+02:00

Michael Dyrynda shows how PHP 8.4 property hooks can replace simple computed getter methods with virtual properties. He makes the case for using them when you want a clean, property-based API for derived values.

Validating distinct data in requests

2026-05-31T14:30:37+02:00

Michael Dyrynda shows how Laravel's distinct validation rule can protect nested request payloads from duplicate reference values before they corrupt relationship mapping. He also highlights the strict and ignore_case options for cases where loose comparison is not enough.

Compound Engineering: How Every Codes With Agents

2026-05-30T10:15:04+02:00

Every shares how its team uses AI agents in a compounding loop of planning, working, assessing, and feeding lessons back into the system. The big idea: each feature should make the next one easier to build because the agents keep learning the codebase.

The stack behind There There

2026-05-30T10:13:56+02:00

An inside look at the stack powering There There: Laravel, Inertia, React, TypeScript, Horizon, Reverb, and a bunch of Spatie packages and services. A nice overview of the pragmatic tooling choices behind the product.

Automate your PHP security updates

2026-05-29T14:30:30+02:00

Yoeri shows how to automatically open a pull request when a new PHP security advisory appears. Nice little workflow that combines Laravel Health, Oh Dear, and GitHub Actions to keep apps patched quickly.