|
Hi there!
Welcome to the 204th freek.dev newsletter!
Two weeks ago, we opened up the closed beta of There There, the helpdesk we're building at Spatie. The folks who got early access are actively helping me shape the product. Almost every day someone sends in a feature request or points out a rough edge that needs polish.
What's been fun is how quickly a lot of that feedback turns into shipped code. Someone asks for something in the morning, and there's a decent chance it's live that same day. Here's a glimpse of how many PRs we've merged to make that happen:
A big part of why I can move this fast is Conductor. It lets me run a bunch of coding agents in parallel, each in its own isolated workspace, so I can tackle several feature requests at once instead of one at a time. When I find the time, I'll write a post about this.
There's one more thing. We've quietly flipped the beta from closed to open. You no longer need an invite. If you want to give it a spin, head over to there-there.app and create an account. I'd love to hear what you think.
That being said, here are a couple of links I hope you'll enjoy as much as I did.
⭐ Logging is here!
Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.
#[RouteParameter] Does Not Bind Your Model
Michael Dyrynda explains a subtle Laravel gotcha: #[RouteParameter] only reads the current route parameter value, it does not perform implicit model binding. Good reminder that the controller signature still matters when you expect a bound model inside a form request.
Dex: An AI talent agent for ambitious software engineers (sponsored link)
The best career moves have always come from a warm intro—someone who gets your work, knows the right people, and makes the call at the right moment. That's Dex. An AI talent agent for ambitious software engineers who matches you to a short and sweet list of roles at companies genuinely worth your time: Linear, Lovable, Synthesia, Granola, Fyxer. Low lift, high fit. Brief your agent now at meetdex.ai.
Prompt-Injection Guardrails in Laravel: Defend the Tools, Not the Prompt
You can't out-prompt an attacker — to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server-side, middleware that screens and logs, output handled as untrusted input, a human in front of anything irreversible, and a fake-free test that fails CI the moment someone drops the auth scope.
The Reason I Love Tempest for APIs
Steve King explains why Tempest feels so nice for API work: typed request objects, declarative validation, route discovery, and a low-ceremony action flow. It is a good look at how the framework removes boilerplate without giving up clarity.
Using property hooks in PHP
Michael Dyrynda shows how PHP 8.4 property hooks can replace simple computed getter methods with virtual properties. He makes the case for using them when you want a clean, property-based API for derived values.
Forgot to Update Livewire. Got Hacked
Daniel Petrica tells the story of how an unpatched Livewire vulnerability on a forgotten side project exposed Mailcoach API keys and led to 50,000 spam emails being sent. It is a useful reminder to keep dormant apps updated, and a good real-world example of how Docker can limit the blast radius when something goes wrong.
Evals in Laravel: How to Prove Your AI Output Is Actually Good
Your Agent::fake() tests prove your Laravel AI feature runs — not that its output is any good. This evals a real ticket classifier with the AI SDK: a golden dataset for the fields you can check, an LLM-as-judge for the free text you can't, and a regression gate that catches a bad prompt before your customers do.
Caching get_certificate lookups in Caddy
Mattias open sourced a small Caddy module that caches get_certificate HTTP lookups, avoiding a backend fetch on every TLS handshake. A nice write-up on the problem, the design, and the trade-offs.
The ghost domain problem in DNS, and what we're doing about it
A good write-up on the ghost domain problem in DNS: domains removed from a registry can still appear healthy to uptime checkers because recursive resolvers keep stale delegations warm. The Oh Dear team explains the edge case and how they're tightening their resolver setup to reduce that blind spot.
More time to think
Matthias writes that AI has shifted more of software development from typing to thinking, reviewing, and iterating. Nice reflection on how agentic coding, parallel worktrees, and voice dictation can slow individual features down while still increasing overall output.
Multi-Agent Orchestration in Laravel: When You Actually Need It
A practical take on multi-agent setups in Laravel: another agent only earns its place when it needs its own model, tools, or instructions. Good piece on delegation tradeoffs, context handoff, and how to test routing before it becomes an expensive latency tax.
Flare ❤️ Livewire
We built deep Livewire support into Flare, making component hierarchies, lifecycle phases, method calls, and related queries visible inside traces. It looks like a solid step forward for understanding where Livewire apps spend time and where things go wrong.
Svelte support for Flare is here!
We shipped a Svelte 5 integration for Flare with an error boundary, component hierarchy reporting, and lifecycle-aware context. Looks especially useful for seeing which component broke, and where the error came from.
Community links
In this section you'll find links submitted by others. Let me know if you wrote or stumbled across a blog post, tutorial or video that might be interesting to appear in this section.
Wiring Tools to a Laravel AI Agent Is the Easy Part (submitted by Muhammad Mujahid Abbas)
How to Replace Raw S3 URLs with a Laravel Image Proxy (and Keep Your CDN Cache) (submitted by Andrei-Daniel Petrica)
Old posts
Here are a couple of links from a while ago!
How to Build an Agent
Improve user experience while keeping an eye on performance
React, visualized
Your System Isn’t Slow – Your Bottleneck is not Optimized
How to use Enum Cases in Laravel | How to | Tutorial | Quick Win Wednesday #QWW
How to use one-time passwords in Laravel
What sets Tempest apart as a framework for modern PHP development
PHP 8.4's new Dom\HTMLDocument in Diffs
15 Lesser known Spatie Laravel Packages and Projects
Enjoy this newsletter? Help it grow!
If you found this edition useful, here are two quick ways to support the newsletter:
👉 Write a short recommendation. Approved recommendations appear on the newsletter page for others to see.
👉 Forward this email to a colleague or friend who might be interested.
Alternatively, you could consider picking up one of the paid products my team and I have worked on:
If you have any questions, remarks or thoughts about this newsletter, simply hit reply!
Thank you so much for reading!
Freek
P.S. Know someone who'd enjoy this newsletter? Send them here to subscribe.
You are receiving this newsletter because you subscribed at freek.dev
Unsubscribe from this newsletter
This mail was sent using Mailcoach
|
