Freek.dev

You can't out-prompt an attacker — to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server-side, middleware that screens and logs, output handled as untrusted input, a human in front of anything irreversible, and a fake-free test that fails CI the moment someone drops the auth scope.

Read more [mujahidabbas.dev]

Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.

Read more [flareapp.io]

Steve King explains why Tempest feels so nice for API work: typed request objects, declarative validation, route discovery, and a low-ceremony action flow. It is a good look at how the framework removes boilerplate without giving up clarity.

Read more [www.juststeveking.com]

Michael Dyrynda shows how PHP 8.4 property hooks can replace simple computed getter methods with virtual properties. He makes the case for using them when you want a clean, property-based API for derived values.

Read more [dyrynda.com.au]

Michael Dyrynda shows how Laravel's distinct validation rule can protect nested request payloads from duplicate reference values before they corrupt relationship mapping. He also highlights the strict and ignore_case options for cases where loose comparison is not enough.

Read more [dyrynda.com.au]

An inside look at the stack powering There There: Laravel, Inertia, React, TypeScript, Horizon, Reverb, and a bunch of Spatie packages and services. A nice overview of the pragmatic tooling choices behind the product.

Read more [there-there.app]

Composer and Packagist share a solid overview of the supply chain security work already in place, what is shipping now, and what is coming next. Worth reading if you maintain PHP packages or care about how the ecosystem is hardening against package compromise.

Read more [blog.packagist.com]

Learn what the ADR (Action/Domain/Responder) pattern is and how to apply it in Laravel with a simple, practical example.

Read more [wendelladriel.com]

Pest v4.5.0 adds first-class support for flaky tests with retries and a dedicated CLI filter. The release also brings a useful casing assertion for catching namespace and file path mismatches, plus a coverage option that hides uncovered files.

Read more [laravel-news.com]

A deep dive into idempotency, from the theory behind safe retries to a practical Laravel implementation using the Laravel Idempotency package.

Read more [wendelladriel.com]

A deep dive into Role-Based Access Control, from the theory behind roles and permissions to a practical, team-aware Laravel implementation without external packages.

Read more [wendelladriel.com]

Validate nested array inputs in Laravel form requests without the N+1. Prefetch lookup data in prepareForValidation and check items in memory.

Read more [daryllegion.com]

A clear walkthrough of how PHP closures implicitly capture $this, even when they don't use it, and how that can prevent objects from being garbage collected. Also covers what PHP 8.6 will change with automatic static inference.

Read more [f2r.github.io]

A static, free, and open-source Laravel playground that runs entirely in the browser! Comes with a sqlite db, artisan commands, two-way file syncing, github imports, and more.

Read more [liminal.aschmelyun.com]

Chris Mellor wrote a practical guide on setting up Zed as a Laravel IDE, covering PHP extensions, Pint formatting, Blade support, and how it compares to PHPStorm.

Read more [x.com]

A thorough walkthrough of building a RAG system in Laravel using the new AI SDK, Postgres for vector storage, and Livewire 4 for a streaming chat UI. Covers everything from what RAG is and how semantic search works to embedding documents and querying them.

Read more [tighten.com]

Daniel Coulbourne walks through building an MCP server with the official laravel/mcp package. He built one for his blog in about 20 minutes, then used it to write and publish the post you're reading.

Read more [thunk.dev]