mirror/coolify
1
0
Fork 1
mirror of https://github.com/coollabsio/coolify.git synced 2026-06-19 07:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into openid-auth-support

Browse Source
This commit is contained in:
Andras Bacsai
2026-06-15 11:54:54 +02:00
parent e354840e5a 52739141ee
commit c7c239aa18
203 changed files with 5392 additions and 1096 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.agents/skills/configure-nightwatch/SKILL.md
+404
View File
@@ -0,0 +1,404 @@
---
name: configure-nightwatch
description: Configures Laravel Nightwatch data collection, sampling rates, filtering rules, and redaction policies. Use when setting up Nightwatch, managing data volume, protecting sensitive data (PII), or optimizing event collection for production workloads.
license: MIT
metadata:
author: laravel
---
# Nightwatch Configuration Guide
This skill helps configure Laravel Nightwatch data collection to balance observability, performance, and privacy. Covers sampling strategies, filtering rules, and redaction methods across all event types.
## Documentation Reference
The [Nightwatch Documentation](https://nightwatch.laravel.com/docs) is the definitive and up-to-date source of information for all Nightwatch configuration options. This skill provides practical guidance and common patterns, but always consult the official documentation as the primary source of truth for specific details, environment variables, and API behavior. The documentation includes comprehensive coverage of:
- [Filtering and Configuration](https://nightwatch.laravel.com/docs/filtering) - Core concepts for sampling, filtering, and redaction
- Individual event type pages with specific configuration options:
- [Requests](https://nightwatch.laravel.com/docs/requests) - Request sampling, header handling, payload capture
- [Commands](https://nightwatch.laravel.com/docs/commands) - Command sampling and redaction
- [Queries](https://nightwatch.laravel.com/docs/queries) - Query filtering and redaction
- [Cache](https://nightwatch.laravel.com/docs/cache) - Cache event filtering by key or pattern
- [Jobs](https://nightwatch.laravel.com/docs/jobs) - Job filtering and sampling decoupling
- [Mail](https://nightwatch.laravel.com/docs/mail) - Mail event filtering
- [Notifications](https://nightwatch.laravel.com/docs/notifications) - Notification filtering by channel
- [Exceptions](https://nightwatch.laravel.com/docs/exceptions) - Exception sampling and throttling
- [Outgoing Requests](https://nightwatch.laravel.com/docs/outgoing-requests) - HTTP request filtering
- [reference.md](reference.md) - Quick lookup table by event type, production presets, and verification checklist
## Data Collection Flow
Nightwatch processes events through three stages:
1. **Sampling** - Controls which entry points are captured (requests, commands, scheduled tasks)
2. **Filtering** - Excludes specific events after sampling (queries, cache, mail, etc.)
3. **Redaction** - Modifies captured data to remove/obfuscate sensitive information
```
Request/Command/Scheduled Task
|
v
[Sampling?] ----NO----> Drop entire trace
| YES
v
Events generated
|
v
[Filtering?] ----YES---> Drop specific event
| NO
v
[Redaction] ----------> Store modified data
```
---
## Sampling Configuration
Sampling determines which entry points (requests, commands, scheduled tasks) trigger full trace collection. When an entry point is sampled, all related events are captured.
### Global Sample Rates
Configure via environment variables:
```bash
# Default: 100% sampling (all requests/commands captured)
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1 # Recommended: 10% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0 # Capture all commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
```
**Recommendation**: Start with `0.1` (10%) for requests in production, adjust based on volume and needs.
### Route-Based Sampling
Apply different rates to specific routes using the `Sample` middleware:
```php routes/web.php
use Illuminate\Support\Facades\Route;
use Laravel\Nightwatch\Http\Middleware\Sample;
// Sample admin routes at 100%
Route::middleware(Sample::rate(1.0))->prefix('admin')->group(function () {
// All admin routes sampled fully
});
// Sample API routes at 5%
Route::middleware(Sample::rate(0.05))->prefix('api')->group(function () {
// API routes sampled sparingly
});
// Always sample critical endpoints
Route::post('/checkout', [CheckoutController::class, 'process'])
->middleware(Sample::always());
// Never sample health checks
Route::get('/health', [HealthController::class, 'check'])
->middleware(Sample::never());
```
### Unmatched Route Sampling
Handle 404/bot traffic with reduced sampling:
```php routes/web.php
Route::fallback(fn () => abort(404))
->middleware(Sample::rate(0.01)); // 1% sampling for unmatched routes
```
### Dynamic Sampling
Sample based on runtime conditions (user role, request attributes):
```php app/Http/Middleware/SampleAdminRequests.php
use Closure;
use Illuminate\Http\Request;
use Laravel\Nightwatch\Facades\Nightwatch;
class SampleAdminRequests
{
public function handle(Request $request, Closure $next)
{
if ($request->user()?->isAdmin()) {
Nightwatch::sample(); // Always sample admin requests
}
return $next($request);
}
}
```
### Command Sampling
Exclude specific commands from sampling:
```php AppServiceProvider.php
use Illuminate\Console\Events\CommandStarting;
use Illuminate\Support\Facades\Event;
use Laravel\Nightwatch\Facades\Nightwatch;
public function boot(): void
{
Event::listen(function (CommandStarting $event) {
if (in_array($event->command, ['schedule:finish', 'horizon:snapshot'])) {
Nightwatch::dontSample();
}
});
}
```
### Vendor Commands
Nightwatch automatically ignores framework/internal commands. Opt-in to capture them:
```php
Nightwatch::captureDefaultVendorCommands();
```
---
## Filtering Configuration
Filtering excludes specific events from collection after sampling. Use filtering to reduce noise and quota usage.
### Database Queries
**Filter all queries** (disable query collection):
```bash
NIGHTWATCH_IGNORE_QUERIES=true
```
**Filter specific queries** by SQL pattern:
```php AppServiceProvider.php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Query;
public function boot(): void
{
// Filter job table queries (PostgreSQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'into "jobs"');
});
// Filter cache table queries (MySQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'from `cache`')
|| str_contains($query->sql, 'into `cache`');
});
}
```
### Cache Events
**Filter all cache events**:
```bash
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
```
**Filter by cache key patterns**:
```php
Nightwatch::rejectCacheKeys([
'my-app:users', // Exact match
'/^my-app:posts:/', // Regex: starts with my-app:posts:
'/^[a-zA-Z0-9]{40}$/', // Regex: session IDs
]);
```
**Filter with callback**:
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::rejectCacheEvents(function (CacheEvent $cacheEvent) {
return str_starts_with($cacheEvent->key, 'temp:');
});
```
### Mail Events
**Filter all mail**:
```bash
NIGHTWATCH_IGNORE_MAIL=true
```
**Filter specific mail**:
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::rejectMail(function (Mail $mail) {
return str_contains($mail->subject, 'Newsletter');
});
```
### Notification Events
**Filter all notifications**:
```bash
NIGHTWATCH_IGNORE_NOTIFICATIONS=true
```
**Filter by channel**:
```php
use Laravel\Nightwatch\Records\Notification;
Nightwatch::rejectNotifications(function (Notification $notification) {
return $notification->channel === 'database';
});
```
### Outgoing HTTP Requests
**Filter all outgoing requests**:
```bash
NIGHTWATCH_IGNORE_OUTGOING_REQUESTS=true
```
**Filter by URL**:
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::rejectOutgoingRequests(function (OutgoingRequest $request) {
return str_contains($request->url, 'analytics.example.com');
});
```
### Queued Jobs
**Filter specific jobs**:
```php
use Laravel\Nightwatch\Records\QueuedJob;
Nightwatch::rejectQueuedJobs(function (QueuedJob $job) {
return $job->name === 'App\Jobs\LowPriorityJob';
});
```
### Decoupling Job Sampling
Sample jobs independently from parent contexts:
```php
use Illuminate\Support\Facades\Queue;
public function boot(): void
{
Queue::before(fn () => Nightwatch::sample(rate: 0.5));
}
```
---
## Redaction Configuration
Redaction modifies captured data to remove or obfuscate sensitive information. Unlike filtering, redaction keeps the event but sanitizes its content.
### Request Redaction
**Redact sensitive headers** (automatically redacts: Authorization, Cookie, X-XSRF-TOKEN):
```bash
# Customize redacted headers
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-API-Key
```
**Redact request payloads** (disabled by default):
```bash
# Enable payload capture
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=true
# Customize redacted fields
NIGHTWATCH_REDACT_PAYLOAD_FIELDS=password,password_confirmation,ssn,credit_card
```
**Programmatic redaction**:
```php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Request;
Nightwatch::redactRequests(function (Request $request) {
$request->url = str_replace('secret', '***', $request->url);
$request->ip = preg_replace('/\d+$/', '***', $request->ip);
});
```
### Query Redaction
```php
use Laravel\Nightwatch\Records\Query;
Nightwatch::redactQueries(function (Query $query) {
$query->sql = str_replace('secret_token', '***', $query->sql);
});
```
### Cache Redaction
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::redactCacheEvents(function (CacheEvent $cacheEvent) {
$cacheEvent->key = str_replace('user:', 'user:***:', $cacheEvent->key);
});
```
### Command Redaction
```php
use Laravel\Nightwatch\Records\Command;
Nightwatch::redactCommands(function (Command $command) {
$command->command = preg_replace('/--password=\S+/', '--password=***', $command->command);
});
```
### Exception Redaction
```php
use Laravel\Nightwatch\Records\Exception;
Nightwatch::redactExceptions(function (Exception $exception) {
$exception->message = str_replace('secret', '***', $exception->message);
});
```
### Mail Redaction
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::redactMail(function (Mail $mail) {
$mail->subject = str_replace('Invoice #', 'Invoice ***', $mail->subject);
});
```
### Outgoing Request Redaction
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::redactOutgoingRequests(function (OutgoingRequest $outgoingRequest) {
$outgoingRequest->url = preg_replace('/api_key=\w+/', 'api_key=***', $outgoingRequest->url);
});
```
.agents/skills/configure-nightwatch/reference.md
+108
View File
@@ -0,0 +1,108 @@
# Nightwatch Configuration Reference
## Configuration Summary by Event Type
| Event Type | Sampling | Filtering | Redaction |
| --------------------- | -------------------------------------------------- | ---------------------------------------------------------------------------- | ------------------------- |
| **Requests** | `NIGHTWATCH_REQUEST_SAMPLE_RATE`, Route middleware | Not applicable | Headers, payload, URL, IP |
| **Commands** | `NIGHTWATCH_COMMAND_SAMPLE_RATE`, Event listener | Not applicable | Command arguments |
| **Queries** | Parent context | `rejectQueries()`, `NIGHTWATCH_IGNORE_QUERIES` | SQL statement |
| **Cache** | Parent context | `rejectCacheKeys()`, `rejectCacheEvents()`, `NIGHTWATCH_IGNORE_CACHE_EVENTS` | Cache key |
| **Jobs** | Parent context, Queue::before | `rejectQueuedJobs()` | Not applicable |
| **Mail** | Parent context | `rejectMail()`, `NIGHTWATCH_IGNORE_MAIL` | Subject |
| **Notifications** | Parent context | `rejectNotifications()`, `NIGHTWATCH_IGNORE_NOTIFICATIONS` | Not applicable |
| **Outgoing Requests** | Parent context | `rejectOutgoingRequests()`, `NIGHTWATCH_IGNORE_OUTGOING_REQUESTS` | URL |
| **Exceptions** | `NIGHTWATCH_EXCEPTION_SAMPLE_RATE` | Not applicable | Exception message |
---
## Production Recommendations
### High-Traffic Applications
```bash
# Conservative sampling
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.01 # 1% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=0.1 # 10% of commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
# Filter noisy events
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
NIGHTWATCH_IGNORE_QUERIES=true # Or filter specific queries programmatically
```
### Privacy-Conscious Applications
```bash
# Disable sensitive data collection
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=false
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-XSRF-TOKEN
# Or use redaction in AppServiceProvider
```
### Balanced Configuration (Recommended Start)
```bash
# Sample rates
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0
# Filter obvious noise programmatically
# Redact PII as needed
```
---
## Verification Checklist
After configuration:
- [ ] Sampling rates appropriate for traffic volume
- [ ] Noisy events filtered (cache, certain queries)
- [ ] Sensitive data redacted (PII, tokens, credentials)
- [ ] Exceptions always captured for debugging
- [ ] Test in development with `NIGHTWATCH_REQUEST_SAMPLE_RATE=1.0`
- [ ] Monitor event quota usage in Nightwatch dashboard
---
## Common Patterns
### Filter Health Checks + Reduce Sampling
```php
Route::get('/health', fn() => ['status' => 'ok'])
->middleware(Sample::never());
```
### Exclude Internal/Vendor Queries
```php
Nightwatch::rejectQueries(fn($q) =>
str_contains($q->sql, 'telescope') ||
str_contains($q->sql, 'pulse')
);
```
### Protect User Data in Cache Keys
```php
Nightwatch::redactCacheEvents(fn($e) =>
$e->key = preg_replace('/user:\d+/', 'user:***', $e->key)
);
```
.agents/skills/configuring-horizon/SKILL.md
+1 -1
View File
@@ -82,4 +82,4 @@ protected function gate(): void
- The `environments` array overrides only the keys you specify. It merges into `defaults` and does not replace it.
- The timeout chain must be ordered: job `timeout` less than supervisor `timeout` less than `retry_after`. The wrong order can cause jobs to be retried before Horizon finishes timing them out.
- The metrics dashboard stays blank until `horizon:snapshot` is scheduled. Running `php artisan horizon` alone does not populate metrics.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
.agents/skills/configuring-horizon/references/metrics.md
+1 -1
View File
@@ -18,4 +18,4 @@ A single manual run populates the dashboard momentarily but will not keep it upd
### `metrics.trim_snapshots` is a snapshot count, not a time duration
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
.agents/skills/configuring-horizon/references/notifications.md
+1 -1
View File
@@ -18,4 +18,4 @@ Configure notifications in the `boot()` method of `App\Providers\HorizonServiceP
### Failed job alerts are separate from Horizon's documented notification routing
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
.agents/skills/configuring-horizon/references/supervisors.md
+1 -1
View File
@@ -24,4 +24,4 @@ Auto-balancing suits variable load, but if a queue should always have exactly N
### Set `balanceCooldown` to prevent rapid worker scaling under bursty load
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
.agents/skills/configuring-horizon/references/tags.md
+1 -1
View File
@@ -18,4 +18,4 @@ Adding a job class to the `silenced` array in `config/horizon.php` removes it fr
### `silenced_tags` hides all jobs carrying a matching tag from the completed list
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
.agents/skills/debugging-output-and-previewing-html-using-ray/SKILL.md
+1 -1
View File
@@ -411,4 +411,4 @@ curl -X POST http://localhost:23517/ \
| `remove` | (empty) | Remove entry |
| `confetti` | (empty) | Confetti animation |
| `show_app` | (empty) | Show Ray window |
| `hide_app` | (empty) | Hide Ray window |
| `hide_app` | (empty) | Hide Ray window |
.agents/skills/fortify-development/SKILL.md
+22 -2
View File
@@ -1,6 +1,6 @@
---
name: fortify-development
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), passkeys, profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, passkeys, WebAuthn, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
license: MIT
metadata:
author: laravel
@@ -32,6 +32,7 @@ Enable in `config/fortify.php` features array:
- `Features::updateProfileInformation()` - Profile updates
- `Features::updatePasswords()` - Password changes
- `Features::twoFactorAuthentication()` - 2FA with QR codes and recovery codes
- `Features::passkeys()` - Passwordless authentication with WebAuthn passkeys
> Use `search-docs` for feature configuration options and customization patterns.
@@ -50,6 +51,18 @@ Enable in `config/fortify.php` features array:
> Use `search-docs` for TOTP implementation and recovery code handling patterns.
### Passkeys Setup
```
- [ ] Add PasskeyAuthenticatable trait to User model and implement PasskeyUser
- [ ] Enable passkeys feature in config/fortify.php
- [ ] If the passkeys table migration is missing, publish via `php artisan vendor:publish --tag=fortify-migrations` and migrate
- [ ] Configure passkeys relying_party_id, allowed_origins, user_handle_secret, and timeout if defaults are not suitable
- [ ] Build UI with @laravel/passkeys for registration, login, confirmation, and deletion
```
> Use `search-docs` for passkey configuration options. For `@laravel/passkeys` frontend usage, refer to the package's README on npm.
### Email Verification Setup
```
@@ -128,4 +141,11 @@ Configure via `fortify.limiters.login` in config. Default configuration throttle
| Confirm 2FA | POST | `/user/confirmed-two-factor-authentication` |
| 2FA Challenge | POST | `/two-factor-challenge` |
| Get QR Code | GET | `/user/two-factor-qr-code` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Passkey Login Options | GET | `/passkeys/login/options` |
| Passkey Login | POST | `/passkeys/login` |
| Passkey Confirm Options| GET | `/passkeys/confirm/options` |
| Passkey Confirm | POST | `/passkeys/confirm` |
| Passkey Options | GET | `/user/passkeys/options` |
| Register Passkey | POST | `/user/passkeys` |
| Delete Passkey | DELETE | `/user/passkeys/{passkey}` |
.agents/skills/laravel-actions/SKILL.md
+1 -1
View File
@@ -299,4 +299,4 @@ Use these references for deep dives by entrypoint/topic. Keep `SKILL.md` focused
- Command entrypoint: `references/command.md`
- With attributes: `references/with-attributes.md`
- Testing and fakes: `references/testing-fakes.md`
- Troubleshooting: `references/troubleshooting.md`
- Troubleshooting: `references/troubleshooting.md`
.agents/skills/laravel-actions/references/command.md
+1 -1
View File
@@ -157,4 +157,4 @@ $this->artisan('users:update-role 1 admin')
## References
- https://www.laravelactions.com/2.x/as-command.html
- https://www.laravelactions.com/2.x/as-command.html
.agents/skills/laravel-actions/references/controller.md
+1 -1
View File
@@ -336,4 +336,4 @@ public function getAuthorizationFailure(): void
## References
- https://www.laravelactions.com/2.x/as-controller.html
- https://www.laravelactions.com/2.x/as-controller.html
.agents/skills/laravel-actions/references/job.md
+1 -1
View File
@@ -422,4 +422,4 @@ public function jobFailed(?Throwable $e, ...$parameters): void
## References
- https://www.laravelactions.com/2.x/as-job.html
- https://www.laravelactions.com/2.x/as-job.html
.agents/skills/laravel-actions/references/listener.md
+1 -1
View File
@@ -78,4 +78,4 @@ Event::assertDispatched(TaxiRequested::class);
## References
- https://www.laravelactions.com/2.x/as-listener.html
- https://www.laravelactions.com/2.x/as-listener.html
.agents/skills/laravel-actions/references/object.md
+1 -1
View File
@@ -115,4 +115,4 @@ final class ArticleService
return $this->publishArticle->handle($articleId);
}
}
```
```
.agents/skills/laravel-actions/references/testing-fakes.md
+1 -1
View File
@@ -157,4 +157,4 @@ it('does not run sync when integration is disabled', function () {
## References
- https://www.laravelactions.com/2.x/as-fake.html
- https://www.laravelactions.com/2.x/as-fake.html
.agents/skills/laravel-actions/references/troubleshooting.md
+1 -1
View File
@@ -30,4 +30,4 @@ Use this reference when action wiring behaves unexpectedly.
- Reproduce with a focused failing test.
- Validate wiring layer first, then domain behavior.
- Isolate dependencies with fakes/spies where appropriate.
- Isolate dependencies with fakes/spies where appropriate.
.agents/skills/laravel-actions/references/with-attributes.md
+1 -1
View File
@@ -186,4 +186,4 @@ $article = $action->handle($validated);
## References
- https://www.laravelactions.com/2.x/with-attributes.html
- https://www.laravelactions.com/2.x/with-attributes.html
.agents/skills/laravel-best-practices/SKILL.md
+2 -2
View File
@@ -94,7 +94,7 @@ Check sibling files, related controllers, models, or tests for established patte
### 9. Queue & Job Patterns → `rules/queue-jobs.md`
- `retry_after` must exceed job `timeout`; use exponential backoff `[1, 5, 10]`
- `ShouldBeUnique` to prevent duplicates; `WithoutOverlapping::untilProcessing()` for concurrency
- `ShouldBeUnique` to prevent duplicates; `ShouldBeUniqueUntilProcessing` for early lock release
- Always implement `failed()`; with `retryUntil()`, set `$tries = 0`
- `RateLimited` middleware for external API calls; `Bus::batch()` for related jobs
- Horizon for complex multi-queue scenarios
@@ -187,4 +187,4 @@ Always use a sub-agent to read rule files and explore this skill's content.
1. Identify the file type and select relevant sections (e.g., migration → §16, controller → §1, §3, §5, §6, §10)
2. Check sibling files for existing patterns — follow those first per Consistency First
3. Verify API syntax with `search-docs` for the installed Laravel version
3. Verify API syntax with `search-docs` for the installed Laravel version
.agents/skills/laravel-best-practices/rules/advanced-queries.md
+1 -1
View File
@@ -103,4 +103,4 @@ public function scopeOrderByLastLogin($query): void
->take(1)
);
}
```
```
.agents/skills/laravel-best-practices/rules/architecture.md
+2 -2
View File
@@ -82,7 +82,7 @@ $this->app->bind(PaymentGateway::class, StripeGateway::class);
## Default Sort by Descending
When no explicit order is specified, sort by `id` or `created_at` descending. Explicit ordering prevents cross-database inconsistencies between MySQL and Postgres.
When no explicit order is specified, sort by `id` or `created_at` descending. Without an explicit `ORDER BY`, row order is undefined.
Incorrect:
```php
@@ -199,4 +199,4 @@ class Customer extends Model
return $this->belongsToMany(Role::class);
}
}
```
```
.agents/skills/laravel-best-practices/rules/blade-views.md
+1 -1
View File
@@ -33,4 +33,4 @@ return view('dashboard', compact('users'))
## Use `@aware` for Deeply Nested Component Props
Avoids re-passing parent props through every level of nested components.
Avoids re-passing parent props through every level of nested components.
.agents/skills/laravel-best-practices/rules/caching.md
+2 -2
View File
@@ -2,7 +2,7 @@
## Use `Cache::remember()` Instead of Manual Get/Put
Atomic pattern prevents race conditions and removes boilerplate.
Cleaner cache-aside pattern that removes boilerplate. use `Cache::lock()` for race conditions.
Incorrect:
```php
@@ -67,4 +67,4 @@ If Redis goes down, the app falls back to a secondary store automatically.
```php
'failover' => ['driver' => 'failover', 'stores' => ['redis', 'database']],
```
```
.agents/skills/laravel-best-practices/rules/collections.md
+1 -1
View File
@@ -41,4 +41,4 @@ More declarative than overriding `newCollection()`.
```php
#[CollectedBy(UserCollection::class)]
class User extends Model {}
```
```
.agents/skills/laravel-best-practices/rules/config.md
+2 -2
View File
@@ -2,7 +2,7 @@
## `env()` Only in Config Files
Direct `env()` calls return `null` when config is cached.
Direct `env()` calls may return `null` when config is cached.
Incorrect:
```php
@@ -70,4 +70,4 @@ If the application already uses language files for localization, use `__()` for
```php
// Only when lang files already exist in the project
return back()->with('message', __('app.article_added'));
```
```
.agents/skills/laravel-best-practices/rules/db-performance.md
+1 -1
View File
@@ -189,4 +189,4 @@ return view('users.index', compact('users'));
@foreach ($users as $user)
{{ $user->profile->name }}
@endforeach
```
```
.agents/skills/laravel-best-practices/rules/eloquent.md
+1 -1
View File
@@ -145,4 +145,4 @@ Order::where('status', 'pending')->get();
Prefer Eloquent queries and relationships over `DB::table()` whenever possible — they already reference the model's table. When `DB::table()` or raw joins are unavoidable, always use `(new Model)->getTable()` to keep the reference traceable.
**Exception — migrations:** In migrations, hardcoded table names via `DB::table('settings')` are acceptable and preferred. Models change over time but migrations are frozen snapshots — referencing a model that is later renamed or deleted would break the migration.
**Exception — migrations:** In migrations, hardcoded table names via `DB::table('settings')` are acceptable and preferred. Models change over time but migrations are frozen snapshots — referencing a model that is later renamed or deleted would break the migration.
.agents/skills/laravel-best-practices/rules/error-handling.md
+1 -1
View File
@@ -69,4 +69,4 @@ class InvalidOrderException extends Exception
return ['order_id' => $this->orderId];
}
}
```
```
.agents/skills/laravel-best-practices/rules/events-notifications.md
+6 -2
View File
@@ -29,7 +29,11 @@ class InvoicePaid extends Notification implements ShouldQueue
## Use `afterCommit()` on Notifications in Transactions
Same race condition as events — the queued notification job may run before the transaction commits.
Same race condition as events — call `afterCommit()` to delay dispatch until the transaction commits.
```php
$user->notify((new InvoicePaid($invoice))->afterCommit());
```
## Route Notification Channels to Dedicated Queues
@@ -45,4 +49,4 @@ Notification::route('mail', 'admin@example.com')->notify(new SystemAlert());
## Implement `HasLocalePreference` on Notifiable Models
Laravel automatically uses the user's preferred locale for all notifications and mailables — no per-call `locale()` needed.
Laravel automatically uses the user's preferred locale for all notifications and mailables — no per-call `locale()` needed.
.agents/skills/laravel-best-practices/rules/http-client.md
+2 -2
View File
@@ -52,7 +52,7 @@ $response = Http::retry([100, 500, 1000])
Only retry on specific errors:
```php
$response = Http::retry(3, 100, function (Exception $exception, PendingRequest $request) {
$response = Http::retry(3, 100, function (Throwable $exception, PendingRequest $request) {
return $exception instanceof ConnectionException
|| ($exception instanceof RequestException && $exception->response->serverError());
})->post('https://api.example.com/data');
@@ -157,4 +157,4 @@ Test failure scenarios too:
Http::fake([
'api.example.com/*' => Http::failedConnection(),
]);
```
```
.agents/skills/laravel-best-practices/rules/mail.md
+2 -2
View File
@@ -10,7 +10,7 @@ A queued mailable dispatched inside a transaction may process before the commit.
## Use `assertQueued()` Not `assertSent()` for Queued Mailables
`Mail::assertSent()` only catches synchronous mail. Queued mailables silently pass `assertSent`, giving false confidence.
`Mail::assertSent()` only catches synchronous mail. Queued mailables fail `assertSent` with a "Did you mean to use assertQueued()?" hint.
Incorrect: `Mail::assertSent(OrderShipped::class);` when mailable implements `ShouldQueue`.
@@ -24,4 +24,4 @@ Markdown mailables auto-generate both HTML and plain-text versions, use responsi
Content tests: instantiate the mailable directly, call `assertSeeInHtml()`.
Sending tests: use `Mail::fake()` and `assertSent()`/`assertQueued()`.
Don't mix them — it conflates concerns and makes tests brittle.
Don't mix them — it conflates concerns and makes tests brittle.
.agents/skills/laravel-best-practices/rules/migrations.md
+1 -1
View File
@@ -118,4 +118,4 @@ Schema::create('settings', function (Blueprint $table) { ... });
// Migration 2: seed_default_settings
DB::table('settings')->insert(['key' => 'version', 'value' => '1.0']);
```
```
.agents/skills/laravel-best-practices/rules/queue-jobs.md
+6 -8
View File
@@ -106,25 +106,23 @@ When using time-based retry limits, set `$tries = 0` to avoid premature failure.
```php
public $tries = 0;
public function retryUntil(): DateTime
public function retryUntil(): \DateTimeInterface
{
return now()->addHours(4);
}
```
## Use `WithoutOverlapping::untilProcessing()`
## Use `ShouldBeUniqueUntilProcessing` for Early Lock Release
Prevents concurrent execution while allowing new instances to queue.
`ShouldBeUnique` holds the lock until the job completes. `ShouldBeUniqueUntilProcessing` releases it when processing starts, allowing new instances to queue.
```php
public function middleware(): array
class UpdateSearchIndex implements ShouldQueue, ShouldBeUniqueUntilProcessing
{
return [new WithoutOverlapping($this->product->id)->untilProcessing()];
// Lock releases when processing begins, not when it finishes
}
```
Without `untilProcessing()`, the lock extends through queue wait time. With it, the lock releases when processing starts.
## Use Horizon for Complex Queue Scenarios
Use Laravel Horizon when you need monitoring, auto-scaling, failure tracking, or multiple queues with different priorities.
@@ -143,4 +141,4 @@ Use Laravel Horizon when you need monitoring, auto-scaling, failure tracking, or
],
],
],
```
```
.agents/skills/laravel-best-practices/rules/routing.md
+3 -2
View File
@@ -36,7 +36,8 @@ Use `Route::resource()` or `apiResource()` for RESTful endpoints.
```php
Route::resource('posts', PostController::class);
Route::apiResource('api/posts', Api\PostController::class);
// In routes/api.php — the /api prefix is applied automatically
Route::apiResource('posts', Api\PostController::class);
```
## Keep Controllers Thin
@@ -95,4 +96,4 @@ public function store(StorePostRequest $request): RedirectResponse
return redirect()->route('posts.index');
}
```
```
.agents/skills/laravel-best-practices/rules/scheduling.md
+1 -1
View File
@@ -36,4 +36,4 @@ Schedule::daily()
Schedule::command('emails:send --force');
Schedule::command('emails:prune');
});
```
```
.agents/skills/laravel-best-practices/rules/security.md
+4 -4
View File
@@ -32,7 +32,7 @@ Use policies or gates in controllers. Never skip authorization.
Incorrect:
```php
public function update(Request $request, Post $post)
public function update(UpdatePostRequest $request, Post $post)
{
$post->update($request->validated());
}
@@ -90,7 +90,7 @@ Correct:
## CSRF Protection
Include `@csrf` in all POST/PUT/DELETE Blade forms. Not needed in Inertia.
Include `@csrf` in all POST/PUT/DELETE Blade forms. In Inertia apps, the `@csrf` directive is automatically applied.
Incorrect:
```blade
@@ -121,7 +121,7 @@ Route::post('/login', LoginController::class)->middleware('throttle:login');
## Validate File Uploads
Validate MIME type, extension, and size. Never trust client-provided filenames.
Validate extension, MIME type, and size. The `mimes` rule checks extensions; use `mimetypes` for actual MIME type validation. Never trust client-provided filenames.
```php
public function rules(): array
@@ -195,4 +195,4 @@ class Integration extends Model
];
}
}
```
```
.agents/skills/laravel-best-practices/rules/style.md
BIN
View File
Binary file not shown.
.agents/skills/laravel-best-practices/rules/testing.md
+2 -2
View File
@@ -2,7 +2,7 @@
## Use `LazilyRefreshDatabase` Over `RefreshDatabase`
`RefreshDatabase` runs all migrations every test run even when the schema hasn't changed. `LazilyRefreshDatabase` only migrates when needed, significantly speeding up large suites.
`RefreshDatabase` migrates once per process and wraps each test in a rolled-back transaction. `LazilyRefreshDatabase` skips even that first migration if the schema is already up to date.
## Use Model Assertions Over Raw Database Assertions
@@ -40,4 +40,4 @@ Without `recycle()`, nested factories create separate instances of the same conc
Ticket::factory()
->recycle(Airline::factory()->create())
->create();
```
```
.agents/skills/laravel-best-practices/rules/validation.md
+1 -1
View File
@@ -72,4 +72,4 @@ public function after(): array
},
];
}
```
```
.agents/skills/livewire-development/SKILL.md
+1 -1
View File
@@ -112,4 +112,4 @@ $this->get('/posts/create')
- Forgetting `wire:key` in loops causes unexpected behavior when items change
- Using `wire:model` expecting real-time updates (use `wire:model.live` instead in v3)
- Not validating/authorizing in Livewire actions (treat them like HTTP requests)
- Including Alpine.js separately when it's already bundled with Livewire 3
- Including Alpine.js separately when it's already bundled with Livewire 3
.agents/skills/mcp-development/SKILL.md
+96
View File
@@ -0,0 +1,96 @@
---
name: mcp-development
description: "Use this skill for Laravel MCP development only. Trigger when creating or editing MCP tools, resources, prompts, or servers in Laravel projects. Covers: artisan make:mcp-* generators, mcp:inspector, routes/ai.php, Tool/Resource/Prompt classes, schema validation, shouldRegister(), OAuth setup, URI templates, read-only attributes, and MCP debugging. Do not use for non-Laravel MCP projects or generic AI features without MCP."
license: MIT
metadata:
author: laravel
---
# MCP Development
## Documentation
Use `search-docs` for detailed Laravel MCP patterns and documentation.
## Basic Usage
Register MCP servers in `routes/ai.php`:
<!-- Register MCP Server -->
```php
use Laravel\Mcp\Facades\Mcp;
Mcp::web();
```
### Creating MCP Primitives
Create MCP tools, resources, prompts, and servers using artisan commands:
```bash
php artisan make:mcp-tool ToolName # Create a tool
php artisan make:mcp-resource ResourceName # Create a resource
php artisan make:mcp-prompt PromptName # Create a prompt
php artisan make:mcp-server ServerName # Create a server
```
After creating primitives, register them in your server's `$tools`, `$resources`, or `$prompts` properties.
### Tools
<!-- MCP Tool Example -->
```php
use Laravel\Mcp\Server\Tool;
use Laravel\Mcp\Server\Request;
use Laravel\Mcp\Server\Response;
class MyTool extends Tool
{
public function handle(Request $request): Response
{
return new Response(['result' => 'success']);
}
}
```
### Registering Primitives in a Server
Each MCP server must explicitly declare the tools, resources, and prompts it exposes.
<!-- Register Primitives in MCP Server -->
```php
use Laravel\Mcp\Server;
class AppServer extends Server
{
protected array $tools = [
\App\Mcp\Tools\MyTool::class,
];
protected array $resources = [
\App\Mcp\Resources\MyResource::class,
];
protected array $prompts = [
\App\Mcp\Prompts\MyPrompt::class,
];
}
```
## Verification
1. Check `routes/ai.php` for proper registration
2. Test tool via MCP client
## Common Pitfalls
- Running `mcp:start` command (it hangs waiting for input)
- Using HTTPS locally with Node-based MCP clients
- Not using `search-docs` for the latest MCP documentation
- Not registering MCP server routes in `routes/ai.php`
- Do not register `ai.php` in `bootstrap.php`; it is registered automatically.
- OAuth registration supports custom URI schemes (e.g., `cursor://`, `vscode://`) for native desktop clients via `mcp.custom_schemes` config
.agents/skills/pest-testing/SKILL.md
+11 -2
View File
@@ -1,6 +1,6 @@
---
name: pest-testing
description: "Use this skill for Pest PHP testing in Laravel projects only. Trigger whenever any test is being written, edited, fixed, or refactored — including fixing tests that broke after a code change, adding assertions, converting PHPUnit to Pest, adding datasets, and TDD workflows. Always activate when the user asks how to write something in Pest, mentions test files or directories (tests/Feature, tests/Unit, tests/Browser), or needs browser testing, smoke testing multiple pages for JS errors, or architecture tests. Covers: it()/expect() syntax, datasets, mocking, browser testing (visit/click/fill), smoke testing, arch(), Livewire component tests, RefreshDatabase, and all Pest 4 features. Do not use for factories, seeders, migrations, controllers, models, or non-test PHP code."
description: "Use this skill for Pest PHP testing in Laravel projects only. Trigger whenever any test is being written, edited, fixed, or refactored — including fixing tests that broke after a code change, adding assertions, converting PHPUnit to Pest, adding datasets, and TDD workflows. Always activate when the user asks how to write something in Pest, mentions test files or directories (tests/Feature, tests/Unit, tests/Browser), or needs browser testing, smoke testing multiple pages for JS errors, or architecture tests. Covers: test()/it()/expect() syntax, datasets, mocking, browser testing (visit/click/fill), smoke testing, arch(), Livewire component tests, RefreshDatabase, and all Pest 4 features. Do not use for factories, seeders, migrations, controllers, models, or non-test PHP code."
license: MIT
metadata:
author: laravel
@@ -18,6 +18,12 @@ Use `search-docs` for detailed Pest 4 patterns and documentation.
All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
The `{name}` argument should include only the path and test name, but should not include the test suite.
- Incorrect: `php artisan make:test --pest Feature/SomeFeatureTest` will generate `tests/Feature/Feature/SomeFeatureTest.php`
- Correct: `php artisan make:test --pest SomeControllerTest` will generate `tests/Feature/SomeControllerTest.php`
- Incorrect: `php artisan make:test --pest --unit Unit/SomeServiceTest` will generate `tests/Unit/Unit/SomeServiceTest.php`
- Correct: `php artisan make:test --pest --unit SomeServiceTest` will generate `tests/Unit/SomeServiceTest.php`
### Test Organization
- Unit/Feature tests: `tests/Feature` and `tests/Unit` directories.
@@ -26,6 +32,8 @@ All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
### Basic Test Structure
Pest supports both `test()` and `it()` functions. Before writing new tests, check existing test files in the same directory to match the project's convention. Use `test()` if existing tests use `test()`, or `it()` if they use `it()`.
<!-- Basic Pest Test Example -->
```php
it('is true', function () {
@@ -154,4 +162,5 @@ arch('controllers')
- Using `assertStatus(200)` instead of `assertSuccessful()`
- Forgetting datasets for repetitive validation tests
- Deleting tests without approval
- Forgetting `assertNoJavaScriptErrors()` in browser tests
- Forgetting `assertNoJavaScriptErrors()` in browser tests
- Prefixing `Feature/` or `Unit/` in `{name}` when using `make:test`
.agents/skills/socialite-development/SKILL.md
+1 -1
View File
@@ -77,4 +77,4 @@ Socialite provides `Socialite::fake()` for testing redirects and callbacks. Use
- Redirect URL in `config/services.php` must exactly match the provider's OAuth dashboard (including trailing slashes and protocol).
- Do not pass `state`, `response_type`, `client_id`, `redirect_uri`, or `scope` via `with()` — these are reserved.
- Community providers require event listener registration via `SocialiteWasCalled`.
- `user()` throws when the user declines authorization. Always handle denied grants.
- `user()` throws when the user declines authorization. Always handle denied grants.
.agents/skills/tailwindcss-development/SKILL.md
+1 -1
View File
@@ -116,4 +116,4 @@ If existing pages and components support dark mode, new pages and components mus
- Using `@tailwind` directives instead of `@import "tailwindcss"`
- Trying to use `tailwind.config.js` instead of CSS `@theme` directive
- Using margins for spacing between siblings instead of gap utilities
- Forgetting to add dark mode variants when the project uses dark mode
- Forgetting to add dark mode variants when the project uses dark mode
.claude/skills/configure-nightwatch/SKILL.md
+404
View File
@@ -0,0 +1,404 @@
---
name: configure-nightwatch
description: Configures Laravel Nightwatch data collection, sampling rates, filtering rules, and redaction policies. Use when setting up Nightwatch, managing data volume, protecting sensitive data (PII), or optimizing event collection for production workloads.
license: MIT
metadata:
author: laravel
---
# Nightwatch Configuration Guide
This skill helps configure Laravel Nightwatch data collection to balance observability, performance, and privacy. Covers sampling strategies, filtering rules, and redaction methods across all event types.
## Documentation Reference
The [Nightwatch Documentation](https://nightwatch.laravel.com/docs) is the definitive and up-to-date source of information for all Nightwatch configuration options. This skill provides practical guidance and common patterns, but always consult the official documentation as the primary source of truth for specific details, environment variables, and API behavior. The documentation includes comprehensive coverage of:
- [Filtering and Configuration](https://nightwatch.laravel.com/docs/filtering) - Core concepts for sampling, filtering, and redaction
- Individual event type pages with specific configuration options:
- [Requests](https://nightwatch.laravel.com/docs/requests) - Request sampling, header handling, payload capture
- [Commands](https://nightwatch.laravel.com/docs/commands) - Command sampling and redaction
- [Queries](https://nightwatch.laravel.com/docs/queries) - Query filtering and redaction
- [Cache](https://nightwatch.laravel.com/docs/cache) - Cache event filtering by key or pattern
- [Jobs](https://nightwatch.laravel.com/docs/jobs) - Job filtering and sampling decoupling
- [Mail](https://nightwatch.laravel.com/docs/mail) - Mail event filtering
- [Notifications](https://nightwatch.laravel.com/docs/notifications) - Notification filtering by channel
- [Exceptions](https://nightwatch.laravel.com/docs/exceptions) - Exception sampling and throttling
- [Outgoing Requests](https://nightwatch.laravel.com/docs/outgoing-requests) - HTTP request filtering
- [reference.md](reference.md) - Quick lookup table by event type, production presets, and verification checklist
## Data Collection Flow
Nightwatch processes events through three stages:
1. **Sampling** - Controls which entry points are captured (requests, commands, scheduled tasks)
2. **Filtering** - Excludes specific events after sampling (queries, cache, mail, etc.)
3. **Redaction** - Modifies captured data to remove/obfuscate sensitive information
```
Request/Command/Scheduled Task
|
v
[Sampling?] ----NO----> Drop entire trace
| YES
v
Events generated
|
v
[Filtering?] ----YES---> Drop specific event
| NO
v
[Redaction] ----------> Store modified data
```
---
## Sampling Configuration
Sampling determines which entry points (requests, commands, scheduled tasks) trigger full trace collection. When an entry point is sampled, all related events are captured.
### Global Sample Rates
Configure via environment variables:
```bash
# Default: 100% sampling (all requests/commands captured)
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1 # Recommended: 10% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0 # Capture all commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
```
**Recommendation**: Start with `0.1` (10%) for requests in production, adjust based on volume and needs.
### Route-Based Sampling
Apply different rates to specific routes using the `Sample` middleware:
```php routes/web.php
use Illuminate\Support\Facades\Route;
use Laravel\Nightwatch\Http\Middleware\Sample;
// Sample admin routes at 100%
Route::middleware(Sample::rate(1.0))->prefix('admin')->group(function () {
// All admin routes sampled fully
});
// Sample API routes at 5%
Route::middleware(Sample::rate(0.05))->prefix('api')->group(function () {
// API routes sampled sparingly
});
// Always sample critical endpoints
Route::post('/checkout', [CheckoutController::class, 'process'])
->middleware(Sample::always());
// Never sample health checks
Route::get('/health', [HealthController::class, 'check'])
->middleware(Sample::never());
```
### Unmatched Route Sampling
Handle 404/bot traffic with reduced sampling:
```php routes/web.php
Route::fallback(fn () => abort(404))
->middleware(Sample::rate(0.01)); // 1% sampling for unmatched routes
```
### Dynamic Sampling
Sample based on runtime conditions (user role, request attributes):
```php app/Http/Middleware/SampleAdminRequests.php
use Closure;
use Illuminate\Http\Request;
use Laravel\Nightwatch\Facades\Nightwatch;
class SampleAdminRequests
{
public function handle(Request $request, Closure $next)
{
if ($request->user()?->isAdmin()) {
Nightwatch::sample(); // Always sample admin requests
}
return $next($request);
}
}
```
### Command Sampling
Exclude specific commands from sampling:
```php AppServiceProvider.php
use Illuminate\Console\Events\CommandStarting;
use Illuminate\Support\Facades\Event;
use Laravel\Nightwatch\Facades\Nightwatch;
public function boot(): void
{
Event::listen(function (CommandStarting $event) {
if (in_array($event->command, ['schedule:finish', 'horizon:snapshot'])) {
Nightwatch::dontSample();
}
});
}
```
### Vendor Commands
Nightwatch automatically ignores framework/internal commands. Opt-in to capture them:
```php
Nightwatch::captureDefaultVendorCommands();
```
---
## Filtering Configuration
Filtering excludes specific events from collection after sampling. Use filtering to reduce noise and quota usage.
### Database Queries
**Filter all queries** (disable query collection):
```bash
NIGHTWATCH_IGNORE_QUERIES=true
```
**Filter specific queries** by SQL pattern:
```php AppServiceProvider.php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Query;
public function boot(): void
{
// Filter job table queries (PostgreSQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'into "jobs"');
});
// Filter cache table queries (MySQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'from `cache`')
|| str_contains($query->sql, 'into `cache`');
});
}
```
### Cache Events
**Filter all cache events**:
```bash
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
```
**Filter by cache key patterns**:
```php
Nightwatch::rejectCacheKeys([
'my-app:users', // Exact match
'/^my-app:posts:/', // Regex: starts with my-app:posts:
'/^[a-zA-Z0-9]{40}$/', // Regex: session IDs
]);
```
**Filter with callback**:
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::rejectCacheEvents(function (CacheEvent $cacheEvent) {
return str_starts_with($cacheEvent->key, 'temp:');
});
```
### Mail Events
**Filter all mail**:
```bash
NIGHTWATCH_IGNORE_MAIL=true
```
**Filter specific mail**:
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::rejectMail(function (Mail $mail) {
return str_contains($mail->subject, 'Newsletter');
});
```
### Notification Events
**Filter all notifications**:
```bash
NIGHTWATCH_IGNORE_NOTIFICATIONS=true
```
**Filter by channel**:
```php
use Laravel\Nightwatch\Records\Notification;
Nightwatch::rejectNotifications(function (Notification $notification) {
return $notification->channel === 'database';
});
```
### Outgoing HTTP Requests
**Filter all outgoing requests**:
```bash
NIGHTWATCH_IGNORE_OUTGOING_REQUESTS=true
```
**Filter by URL**:
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::rejectOutgoingRequests(function (OutgoingRequest $request) {
return str_contains($request->url, 'analytics.example.com');
});
```
### Queued Jobs
**Filter specific jobs**:
```php
use Laravel\Nightwatch\Records\QueuedJob;
Nightwatch::rejectQueuedJobs(function (QueuedJob $job) {
return $job->name === 'App\Jobs\LowPriorityJob';
});
```
### Decoupling Job Sampling
Sample jobs independently from parent contexts:
```php
use Illuminate\Support\Facades\Queue;
public function boot(): void
{
Queue::before(fn () => Nightwatch::sample(rate: 0.5));
}
```
---
## Redaction Configuration
Redaction modifies captured data to remove or obfuscate sensitive information. Unlike filtering, redaction keeps the event but sanitizes its content.
### Request Redaction
**Redact sensitive headers** (automatically redacts: Authorization, Cookie, X-XSRF-TOKEN):
```bash
# Customize redacted headers
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-API-Key
```
**Redact request payloads** (disabled by default):
```bash
# Enable payload capture
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=true
# Customize redacted fields
NIGHTWATCH_REDACT_PAYLOAD_FIELDS=password,password_confirmation,ssn,credit_card
```
**Programmatic redaction**:
```php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Request;
Nightwatch::redactRequests(function (Request $request) {
$request->url = str_replace('secret', '***', $request->url);
$request->ip = preg_replace('/\d+$/', '***', $request->ip);
});
```
### Query Redaction
```php
use Laravel\Nightwatch\Records\Query;
Nightwatch::redactQueries(function (Query $query) {
$query->sql = str_replace('secret_token', '***', $query->sql);
});
```
### Cache Redaction
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::redactCacheEvents(function (CacheEvent $cacheEvent) {
$cacheEvent->key = str_replace('user:', 'user:***:', $cacheEvent->key);
});
```
### Command Redaction
```php
use Laravel\Nightwatch\Records\Command;
Nightwatch::redactCommands(function (Command $command) {
$command->command = preg_replace('/--password=\S+/', '--password=***', $command->command);
});
```
### Exception Redaction
```php
use Laravel\Nightwatch\Records\Exception;
Nightwatch::redactExceptions(function (Exception $exception) {
$exception->message = str_replace('secret', '***', $exception->message);
});
```
### Mail Redaction
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::redactMail(function (Mail $mail) {
$mail->subject = str_replace('Invoice #', 'Invoice ***', $mail->subject);
});
```
### Outgoing Request Redaction
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::redactOutgoingRequests(function (OutgoingRequest $outgoingRequest) {
$outgoingRequest->url = preg_replace('/api_key=\w+/', 'api_key=***', $outgoingRequest->url);
});
```
.claude/skills/configure-nightwatch/reference.md
+108
View File
@@ -0,0 +1,108 @@
# Nightwatch Configuration Reference
## Configuration Summary by Event Type
| Event Type | Sampling | Filtering | Redaction |
| --------------------- | -------------------------------------------------- | ---------------------------------------------------------------------------- | ------------------------- |
| **Requests** | `NIGHTWATCH_REQUEST_SAMPLE_RATE`, Route middleware | Not applicable | Headers, payload, URL, IP |
| **Commands** | `NIGHTWATCH_COMMAND_SAMPLE_RATE`, Event listener | Not applicable | Command arguments |
| **Queries** | Parent context | `rejectQueries()`, `NIGHTWATCH_IGNORE_QUERIES` | SQL statement |
| **Cache** | Parent context | `rejectCacheKeys()`, `rejectCacheEvents()`, `NIGHTWATCH_IGNORE_CACHE_EVENTS` | Cache key |
| **Jobs** | Parent context, Queue::before | `rejectQueuedJobs()` | Not applicable |
| **Mail** | Parent context | `rejectMail()`, `NIGHTWATCH_IGNORE_MAIL` | Subject |
| **Notifications** | Parent context | `rejectNotifications()`, `NIGHTWATCH_IGNORE_NOTIFICATIONS` | Not applicable |
| **Outgoing Requests** | Parent context | `rejectOutgoingRequests()`, `NIGHTWATCH_IGNORE_OUTGOING_REQUESTS` | URL |
| **Exceptions** | `NIGHTWATCH_EXCEPTION_SAMPLE_RATE` | Not applicable | Exception message |
---
## Production Recommendations
### High-Traffic Applications
```bash
# Conservative sampling
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.01 # 1% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=0.1 # 10% of commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
# Filter noisy events
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
NIGHTWATCH_IGNORE_QUERIES=true # Or filter specific queries programmatically
```
### Privacy-Conscious Applications
```bash
# Disable sensitive data collection
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=false
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-XSRF-TOKEN
# Or use redaction in AppServiceProvider
```
### Balanced Configuration (Recommended Start)
```bash
# Sample rates
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0
# Filter obvious noise programmatically
# Redact PII as needed
```
---
## Verification Checklist
After configuration:
- [ ] Sampling rates appropriate for traffic volume
- [ ] Noisy events filtered (cache, certain queries)
- [ ] Sensitive data redacted (PII, tokens, credentials)
- [ ] Exceptions always captured for debugging
- [ ] Test in development with `NIGHTWATCH_REQUEST_SAMPLE_RATE=1.0`
- [ ] Monitor event quota usage in Nightwatch dashboard
---
## Common Patterns
### Filter Health Checks + Reduce Sampling
```php
Route::get('/health', fn() => ['status' => 'ok'])
->middleware(Sample::never());
```
### Exclude Internal/Vendor Queries
```php
Nightwatch::rejectQueries(fn($q) =>
str_contains($q->sql, 'telescope') ||
str_contains($q->sql, 'pulse')
);
```
### Protect User Data in Cache Keys
```php
Nightwatch::redactCacheEvents(fn($e) =>
$e->key = preg_replace('/user:\d+/', 'user:***', $e->key)
);
```
.claude/skills/configuring-horizon/SKILL.md
+1 -1
View File
@@ -82,4 +82,4 @@ protected function gate(): void
- The `environments` array overrides only the keys you specify. It merges into `defaults` and does not replace it.
- The timeout chain must be ordered: job `timeout` less than supervisor `timeout` less than `retry_after`. The wrong order can cause jobs to be retried before Horizon finishes timing them out.
- The metrics dashboard stays blank until `horizon:snapshot` is scheduled. Running `php artisan horizon` alone does not populate metrics.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
.claude/skills/configuring-horizon/references/metrics.md
+1 -1
View File
@@ -18,4 +18,4 @@ A single manual run populates the dashboard momentarily but will not keep it upd
### `metrics.trim_snapshots` is a snapshot count, not a time duration
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
.claude/skills/configuring-horizon/references/notifications.md
+1 -1
View File
@@ -18,4 +18,4 @@ Configure notifications in the `boot()` method of `App\Providers\HorizonServiceP
### Failed job alerts are separate from Horizon's documented notification routing
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
.claude/skills/configuring-horizon/references/supervisors.md
+1 -1
View File
@@ -24,4 +24,4 @@ Auto-balancing suits variable load, but if a queue should always have exactly N
### Set `balanceCooldown` to prevent rapid worker scaling under bursty load
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
.claude/skills/configuring-horizon/references/tags.md
+1 -1
View File
@@ -18,4 +18,4 @@ Adding a job class to the `silenced` array in `config/horizon.php` removes it fr
### `silenced_tags` hides all jobs carrying a matching tag from the completed list
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
.claude/skills/debugging-output-and-previewing-html-using-ray/SKILL.md
+1 -1
View File
@@ -411,4 +411,4 @@ curl -X POST http://localhost:23517/ \
| `remove` | (empty) | Remove entry |
| `confetti` | (empty) | Confetti animation |
| `show_app` | (empty) | Show Ray window |
| `hide_app` | (empty) | Hide Ray window |
| `hide_app` | (empty) | Hide Ray window |
.claude/skills/fortify-development/SKILL.md
+22 -2
View File
@@ -1,6 +1,6 @@
---
name: fortify-development
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), passkeys, profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, passkeys, WebAuthn, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
license: MIT
metadata:
author: laravel
@@ -32,6 +32,7 @@ Enable in `config/fortify.php` features array:
- `Features::updateProfileInformation()` - Profile updates
- `Features::updatePasswords()` - Password changes
- `Features::twoFactorAuthentication()` - 2FA with QR codes and recovery codes
- `Features::passkeys()` - Passwordless authentication with WebAuthn passkeys
> Use `search-docs` for feature configuration options and customization patterns.
@@ -50,6 +51,18 @@ Enable in `config/fortify.php` features array:
> Use `search-docs` for TOTP implementation and recovery code handling patterns.
### Passkeys Setup
```
- [ ] Add PasskeyAuthenticatable trait to User model and implement PasskeyUser
- [ ] Enable passkeys feature in config/fortify.php
- [ ] If the passkeys table migration is missing, publish via `php artisan vendor:publish --tag=fortify-migrations` and migrate
- [ ] Configure passkeys relying_party_id, allowed_origins, user_handle_secret, and timeout if defaults are not suitable
- [ ] Build UI with @laravel/passkeys for registration, login, confirmation, and deletion
```
> Use `search-docs` for passkey configuration options. For `@laravel/passkeys` frontend usage, refer to the package's README on npm.
### Email Verification Setup
```
@@ -128,4 +141,11 @@ Configure via `fortify.limiters.login` in config. Default configuration throttle
| Confirm 2FA | POST | `/user/confirmed-two-factor-authentication` |
| 2FA Challenge | POST | `/two-factor-challenge` |
| Get QR Code | GET | `/user/two-factor-qr-code` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Passkey Login Options | GET | `/passkeys/login/options` |
| Passkey Login | POST | `/passkeys/login` |
| Passkey Confirm Options| GET | `/passkeys/confirm/options` |
| Passkey Confirm | POST | `/passkeys/confirm` |
| Passkey Options | GET | `/user/passkeys/options` |
| Register Passkey | POST | `/user/passkeys` |
| Delete Passkey | DELETE | `/user/passkeys/{passkey}` |
.claude/skills/laravel-actions/SKILL.md
+1 -1
View File
@@ -299,4 +299,4 @@ Use these references for deep dives by entrypoint/topic. Keep `SKILL.md` focused
- Command entrypoint: `references/command.md`
- With attributes: `references/with-attributes.md`
- Testing and fakes: `references/testing-fakes.md`
- Troubleshooting: `references/troubleshooting.md`
- Troubleshooting: `references/troubleshooting.md`
.claude/skills/laravel-actions/references/command.md
+1 -1
View File
@@ -157,4 +157,4 @@ $this->artisan('users:update-role 1 admin')
## References
- https://www.laravelactions.com/2.x/as-command.html
- https://www.laravelactions.com/2.x/as-command.html
.claude/skills/laravel-actions/references/controller.md
+1 -1
View File
@@ -336,4 +336,4 @@ public function getAuthorizationFailure(): void
## References
- https://www.laravelactions.com/2.x/as-controller.html
- https://www.laravelactions.com/2.x/as-controller.html
.claude/skills/laravel-actions/references/job.md
+1 -1
View File
@@ -422,4 +422,4 @@ public function jobFailed(?Throwable $e, ...$parameters): void
## References
- https://www.laravelactions.com/2.x/as-job.html
- https://www.laravelactions.com/2.x/as-job.html
.claude/skills/laravel-actions/references/listener.md
+1 -1
View File
@@ -78,4 +78,4 @@ Event::assertDispatched(TaxiRequested::class);
## References
- https://www.laravelactions.com/2.x/as-listener.html
- https://www.laravelactions.com/2.x/as-listener.html
.claude/skills/laravel-actions/references/object.md
+1 -1
View File
@@ -115,4 +115,4 @@ final class ArticleService
return $this->publishArticle->handle($articleId);
}
}
```
```
.claude/skills/laravel-actions/references/testing-fakes.md
+1 -1
View File
@@ -157,4 +157,4 @@ it('does not run sync when integration is disabled', function () {
## References
- https://www.laravelactions.com/2.x/as-fake.html
- https://www.laravelactions.com/2.x/as-fake.html
.claude/skills/laravel-actions/references/troubleshooting.md
+1 -1
View File
@@ -30,4 +30,4 @@ Use this reference when action wiring behaves unexpectedly.
- Reproduce with a focused failing test.
- Validate wiring layer first, then domain behavior.
- Isolate dependencies with fakes/spies where appropriate.
- Isolate dependencies with fakes/spies where appropriate.
.claude/skills/laravel-actions/references/with-attributes.md
+1 -1
View File
@@ -186,4 +186,4 @@ $article = $action->handle($validated);
## References
- https://www.laravelactions.com/2.x/with-attributes.html
- https://www.laravelactions.com/2.x/with-attributes.html
.claude/skills/laravel-best-practices/SKILL.md
+2 -2
View File
@@ -94,7 +94,7 @@ Check sibling files, related controllers, models, or tests for established patte
### 9. Queue & Job Patterns → `rules/queue-jobs.md`
- `retry_after` must exceed job `timeout`; use exponential backoff `[1, 5, 10]`
- `ShouldBeUnique` to prevent duplicates; `WithoutOverlapping::untilProcessing()` for concurrency
- `ShouldBeUnique` to prevent duplicates; `ShouldBeUniqueUntilProcessing` for early lock release
- Always implement `failed()`; with `retryUntil()`, set `$tries = 0`
- `RateLimited` middleware for external API calls; `Bus::batch()` for related jobs
- Horizon for complex multi-queue scenarios
@@ -187,4 +187,4 @@ Always use a sub-agent to read rule files and explore this skill's content.
1. Identify the file type and select relevant sections (e.g., migration → §16, controller → §1, §3, §5, §6, §10)
2. Check sibling files for existing patterns — follow those first per Consistency First
3. Verify API syntax with `search-docs` for the installed Laravel version
3. Verify API syntax with `search-docs` for the installed Laravel version
.claude/skills/laravel-best-practices/rules/advanced-queries.md
+1 -1
View File
@@ -103,4 +103,4 @@ public function scopeOrderByLastLogin($query): void
->take(1)
);
}
```
```
.claude/skills/laravel-best-practices/rules/architecture.md
+2 -2
View File
@@ -82,7 +82,7 @@ $this->app->bind(PaymentGateway::class, StripeGateway::class);
## Default Sort by Descending
When no explicit order is specified, sort by `id` or `created_at` descending. Explicit ordering prevents cross-database inconsistencies between MySQL and Postgres.
When no explicit order is specified, sort by `id` or `created_at` descending. Without an explicit `ORDER BY`, row order is undefined.
Incorrect:
```php
@@ -199,4 +199,4 @@ class Customer extends Model
return $this->belongsToMany(Role::class);
}
}
```
```
.claude/skills/laravel-best-practices/rules/blade-views.md
+1 -1
View File
@@ -33,4 +33,4 @@ return view('dashboard', compact('users'))
## Use `@aware` for Deeply Nested Component Props
Avoids re-passing parent props through every level of nested components.
Avoids re-passing parent props through every level of nested components.
.claude/skills/laravel-best-practices/rules/caching.md
+2 -2
View File
@@ -2,7 +2,7 @@
## Use `Cache::remember()` Instead of Manual Get/Put
Atomic pattern prevents race conditions and removes boilerplate.
Cleaner cache-aside pattern that removes boilerplate. use `Cache::lock()` for race conditions.
Incorrect:
```php
@@ -67,4 +67,4 @@ If Redis goes down, the app falls back to a secondary store automatically.
```php
'failover' => ['driver' => 'failover', 'stores' => ['redis', 'database']],
```
```
.claude/skills/laravel-best-practices/rules/collections.md
+1 -1
View File
@@ -41,4 +41,4 @@ More declarative than overriding `newCollection()`.
```php
#[CollectedBy(UserCollection::class)]
class User extends Model {}
```
```
.claude/skills/laravel-best-practices/rules/config.md
+2 -2
View File
@@ -2,7 +2,7 @@
## `env()` Only in Config Files
Direct `env()` calls return `null` when config is cached.
Direct `env()` calls may return `null` when config is cached.
Incorrect:
```php
@@ -70,4 +70,4 @@ If the application already uses language files for localization, use `__()` for
```php
// Only when lang files already exist in the project
return back()->with('message', __('app.article_added'));
```
```
.claude/skills/laravel-best-practices/rules/db-performance.md
+1 -1
View File
@@ -189,4 +189,4 @@ return view('users.index', compact('users'));
@foreach ($users as $user)
{{ $user->profile->name }}
@endforeach
```
```
.claude/skills/laravel-best-practices/rules/eloquent.md
+1 -1
View File
@@ -145,4 +145,4 @@ Order::where('status', 'pending')->get();
Prefer Eloquent queries and relationships over `DB::table()` whenever possible — they already reference the model's table. When `DB::table()` or raw joins are unavoidable, always use `(new Model)->getTable()` to keep the reference traceable.
**Exception — migrations:** In migrations, hardcoded table names via `DB::table('settings')` are acceptable and preferred. Models change over time but migrations are frozen snapshots — referencing a model that is later renamed or deleted would break the migration.
**Exception — migrations:** In migrations, hardcoded table names via `DB::table('settings')` are acceptable and preferred. Models change over time but migrations are frozen snapshots — referencing a model that is later renamed or deleted would break the migration.
.claude/skills/laravel-best-practices/rules/error-handling.md
+1 -1
View File
@@ -69,4 +69,4 @@ class InvalidOrderException extends Exception
return ['order_id' => $this->orderId];
}
}
```
```
.claude/skills/laravel-best-practices/rules/events-notifications.md
+6 -2
View File
@@ -29,7 +29,11 @@ class InvoicePaid extends Notification implements ShouldQueue
## Use `afterCommit()` on Notifications in Transactions
Same race condition as events — the queued notification job may run before the transaction commits.
Same race condition as events — call `afterCommit()` to delay dispatch until the transaction commits.
```php
$user->notify((new InvoicePaid($invoice))->afterCommit());
```
## Route Notification Channels to Dedicated Queues
@@ -45,4 +49,4 @@ Notification::route('mail', 'admin@example.com')->notify(new SystemAlert());
## Implement `HasLocalePreference` on Notifiable Models
Laravel automatically uses the user's preferred locale for all notifications and mailables — no per-call `locale()` needed.
Laravel automatically uses the user's preferred locale for all notifications and mailables — no per-call `locale()` needed.
.claude/skills/laravel-best-practices/rules/http-client.md
+2 -2
View File
@@ -52,7 +52,7 @@ $response = Http::retry([100, 500, 1000])
Only retry on specific errors:
```php
$response = Http::retry(3, 100, function (Exception $exception, PendingRequest $request) {
$response = Http::retry(3, 100, function (Throwable $exception, PendingRequest $request) {
return $exception instanceof ConnectionException
|| ($exception instanceof RequestException && $exception->response->serverError());
})->post('https://api.example.com/data');
@@ -157,4 +157,4 @@ Test failure scenarios too:
Http::fake([
'api.example.com/*' => Http::failedConnection(),
]);
```
```
.claude/skills/laravel-best-practices/rules/mail.md
+2 -2
View File
@@ -10,7 +10,7 @@ A queued mailable dispatched inside a transaction may process before the commit.
## Use `assertQueued()` Not `assertSent()` for Queued Mailables
`Mail::assertSent()` only catches synchronous mail. Queued mailables silently pass `assertSent`, giving false confidence.
`Mail::assertSent()` only catches synchronous mail. Queued mailables fail `assertSent` with a "Did you mean to use assertQueued()?" hint.
Incorrect: `Mail::assertSent(OrderShipped::class);` when mailable implements `ShouldQueue`.
@@ -24,4 +24,4 @@ Markdown mailables auto-generate both HTML and plain-text versions, use responsi
Content tests: instantiate the mailable directly, call `assertSeeInHtml()`.
Sending tests: use `Mail::fake()` and `assertSent()`/`assertQueued()`.
Don't mix them — it conflates concerns and makes tests brittle.
Don't mix them — it conflates concerns and makes tests brittle.
.claude/skills/laravel-best-practices/rules/migrations.md
+1 -1
View File
@@ -118,4 +118,4 @@ Schema::create('settings', function (Blueprint $table) { ... });
// Migration 2: seed_default_settings
DB::table('settings')->insert(['key' => 'version', 'value' => '1.0']);
```
```
.claude/skills/laravel-best-practices/rules/queue-jobs.md
+6 -8
View File
@@ -106,25 +106,23 @@ When using time-based retry limits, set `$tries = 0` to avoid premature failure.
```php
public $tries = 0;
public function retryUntil(): DateTime
public function retryUntil(): \DateTimeInterface
{
return now()->addHours(4);
}
```
## Use `WithoutOverlapping::untilProcessing()`
## Use `ShouldBeUniqueUntilProcessing` for Early Lock Release
Prevents concurrent execution while allowing new instances to queue.
`ShouldBeUnique` holds the lock until the job completes. `ShouldBeUniqueUntilProcessing` releases it when processing starts, allowing new instances to queue.
```php
public function middleware(): array
class UpdateSearchIndex implements ShouldQueue, ShouldBeUniqueUntilProcessing
{
return [new WithoutOverlapping($this->product->id)->untilProcessing()];
// Lock releases when processing begins, not when it finishes
}
```
Without `untilProcessing()`, the lock extends through queue wait time. With it, the lock releases when processing starts.
## Use Horizon for Complex Queue Scenarios
Use Laravel Horizon when you need monitoring, auto-scaling, failure tracking, or multiple queues with different priorities.
@@ -143,4 +141,4 @@ Use Laravel Horizon when you need monitoring, auto-scaling, failure tracking, or
],
],
],
```
```
.claude/skills/laravel-best-practices/rules/routing.md
+3 -2
View File
@@ -36,7 +36,8 @@ Use `Route::resource()` or `apiResource()` for RESTful endpoints.
```php
Route::resource('posts', PostController::class);
Route::apiResource('api/posts', Api\PostController::class);
// In routes/api.php — the /api prefix is applied automatically
Route::apiResource('posts', Api\PostController::class);
```
## Keep Controllers Thin
@@ -95,4 +96,4 @@ public function store(StorePostRequest $request): RedirectResponse
return redirect()->route('posts.index');
}
```
```
.claude/skills/laravel-best-practices/rules/scheduling.md
+1 -1
View File
@@ -36,4 +36,4 @@ Schedule::daily()
Schedule::command('emails:send --force');
Schedule::command('emails:prune');
});
```
```
.claude/skills/laravel-best-practices/rules/security.md
+4 -4
View File
@@ -32,7 +32,7 @@ Use policies or gates in controllers. Never skip authorization.
Incorrect:
```php
public function update(Request $request, Post $post)
public function update(UpdatePostRequest $request, Post $post)
{
$post->update($request->validated());
}
@@ -90,7 +90,7 @@ Correct:
## CSRF Protection
Include `@csrf` in all POST/PUT/DELETE Blade forms. Not needed in Inertia.
Include `@csrf` in all POST/PUT/DELETE Blade forms. In Inertia apps, the `@csrf` directive is automatically applied.
Incorrect:
```blade
@@ -121,7 +121,7 @@ Route::post('/login', LoginController::class)->middleware('throttle:login');
## Validate File Uploads
Validate MIME type, extension, and size. Never trust client-provided filenames.
Validate extension, MIME type, and size. The `mimes` rule checks extensions; use `mimetypes` for actual MIME type validation. Never trust client-provided filenames.
```php
public function rules(): array
@@ -195,4 +195,4 @@ class Integration extends Model
];
}
}
```
```
.claude/skills/laravel-best-practices/rules/style.md
BIN
View File
Binary file not shown.
.claude/skills/laravel-best-practices/rules/testing.md
+2 -2
View File
@@ -2,7 +2,7 @@
## Use `LazilyRefreshDatabase` Over `RefreshDatabase`
`RefreshDatabase` runs all migrations every test run even when the schema hasn't changed. `LazilyRefreshDatabase` only migrates when needed, significantly speeding up large suites.
`RefreshDatabase` migrates once per process and wraps each test in a rolled-back transaction. `LazilyRefreshDatabase` skips even that first migration if the schema is already up to date.
## Use Model Assertions Over Raw Database Assertions
@@ -40,4 +40,4 @@ Without `recycle()`, nested factories create separate instances of the same conc
Ticket::factory()
->recycle(Airline::factory()->create())
->create();
```
```
.claude/skills/laravel-best-practices/rules/validation.md
+1 -1
View File
@@ -72,4 +72,4 @@ public function after(): array
},
];
}
```
```
.claude/skills/livewire-development/SKILL.md
+1 -1
View File
@@ -112,4 +112,4 @@ $this->get('/posts/create')
- Forgetting `wire:key` in loops causes unexpected behavior when items change
- Using `wire:model` expecting real-time updates (use `wire:model.live` instead in v3)
- Not validating/authorizing in Livewire actions (treat them like HTTP requests)
- Including Alpine.js separately when it's already bundled with Livewire 3
- Including Alpine.js separately when it's already bundled with Livewire 3
.claude/skills/mcp-development/SKILL.md
+96
View File
@@ -0,0 +1,96 @@
---
name: mcp-development
description: "Use this skill for Laravel MCP development only. Trigger when creating or editing MCP tools, resources, prompts, or servers in Laravel projects. Covers: artisan make:mcp-* generators, mcp:inspector, routes/ai.php, Tool/Resource/Prompt classes, schema validation, shouldRegister(), OAuth setup, URI templates, read-only attributes, and MCP debugging. Do not use for non-Laravel MCP projects or generic AI features without MCP."
license: MIT
metadata:
author: laravel
---
# MCP Development
## Documentation
Use `search-docs` for detailed Laravel MCP patterns and documentation.
## Basic Usage
Register MCP servers in `routes/ai.php`:
<!-- Register MCP Server -->
```php
use Laravel\Mcp\Facades\Mcp;
Mcp::web();
```
### Creating MCP Primitives
Create MCP tools, resources, prompts, and servers using artisan commands:
```bash
php artisan make:mcp-tool ToolName # Create a tool
php artisan make:mcp-resource ResourceName # Create a resource
php artisan make:mcp-prompt PromptName # Create a prompt
php artisan make:mcp-server ServerName # Create a server
```
After creating primitives, register them in your server's `$tools`, `$resources`, or `$prompts` properties.
### Tools
<!-- MCP Tool Example -->
```php
use Laravel\Mcp\Server\Tool;
use Laravel\Mcp\Server\Request;
use Laravel\Mcp\Server\Response;
class MyTool extends Tool
{
public function handle(Request $request): Response
{
return new Response(['result' => 'success']);
}
}
```
### Registering Primitives in a Server
Each MCP server must explicitly declare the tools, resources, and prompts it exposes.
<!-- Register Primitives in MCP Server -->
```php
use Laravel\Mcp\Server;
class AppServer extends Server
{
protected array $tools = [
\App\Mcp\Tools\MyTool::class,
];
protected array $resources = [
\App\Mcp\Resources\MyResource::class,
];
protected array $prompts = [
\App\Mcp\Prompts\MyPrompt::class,
];
}
```
## Verification
1. Check `routes/ai.php` for proper registration
2. Test tool via MCP client
## Common Pitfalls
- Running `mcp:start` command (it hangs waiting for input)
- Using HTTPS locally with Node-based MCP clients
- Not using `search-docs` for the latest MCP documentation
- Not registering MCP server routes in `routes/ai.php`
- Do not register `ai.php` in `bootstrap.php`; it is registered automatically.
- OAuth registration supports custom URI schemes (e.g., `cursor://`, `vscode://`) for native desktop clients via `mcp.custom_schemes` config
.claude/skills/pest-testing/SKILL.md
+11 -2
View File
@@ -1,6 +1,6 @@
---
name: pest-testing
description: "Use this skill for Pest PHP testing in Laravel projects only. Trigger whenever any test is being written, edited, fixed, or refactored — including fixing tests that broke after a code change, adding assertions, converting PHPUnit to Pest, adding datasets, and TDD workflows. Always activate when the user asks how to write something in Pest, mentions test files or directories (tests/Feature, tests/Unit, tests/Browser), or needs browser testing, smoke testing multiple pages for JS errors, or architecture tests. Covers: it()/expect() syntax, datasets, mocking, browser testing (visit/click/fill), smoke testing, arch(), Livewire component tests, RefreshDatabase, and all Pest 4 features. Do not use for factories, seeders, migrations, controllers, models, or non-test PHP code."
description: "Use this skill for Pest PHP testing in Laravel projects only. Trigger whenever any test is being written, edited, fixed, or refactored — including fixing tests that broke after a code change, adding assertions, converting PHPUnit to Pest, adding datasets, and TDD workflows. Always activate when the user asks how to write something in Pest, mentions test files or directories (tests/Feature, tests/Unit, tests/Browser), or needs browser testing, smoke testing multiple pages for JS errors, or architecture tests. Covers: test()/it()/expect() syntax, datasets, mocking, browser testing (visit/click/fill), smoke testing, arch(), Livewire component tests, RefreshDatabase, and all Pest 4 features. Do not use for factories, seeders, migrations, controllers, models, or non-test PHP code."
license: MIT
metadata:
author: laravel
@@ -18,6 +18,12 @@ Use `search-docs` for detailed Pest 4 patterns and documentation.
All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
The `{name}` argument should include only the path and test name, but should not include the test suite.
- Incorrect: `php artisan make:test --pest Feature/SomeFeatureTest` will generate `tests/Feature/Feature/SomeFeatureTest.php`
- Correct: `php artisan make:test --pest SomeControllerTest` will generate `tests/Feature/SomeControllerTest.php`
- Incorrect: `php artisan make:test --pest --unit Unit/SomeServiceTest` will generate `tests/Unit/Unit/SomeServiceTest.php`
- Correct: `php artisan make:test --pest --unit SomeServiceTest` will generate `tests/Unit/SomeServiceTest.php`
### Test Organization
- Unit/Feature tests: `tests/Feature` and `tests/Unit` directories.
@@ -26,6 +32,8 @@ All tests must be written using Pest. Use `php artisan make:test --pest {name}`.
### Basic Test Structure
Pest supports both `test()` and `it()` functions. Before writing new tests, check existing test files in the same directory to match the project's convention. Use `test()` if existing tests use `test()`, or `it()` if they use `it()`.
<!-- Basic Pest Test Example -->
```php
it('is true', function () {
@@ -154,4 +162,5 @@ arch('controllers')
- Using `assertStatus(200)` instead of `assertSuccessful()`
- Forgetting datasets for repetitive validation tests
- Deleting tests without approval
- Forgetting `assertNoJavaScriptErrors()` in browser tests
- Forgetting `assertNoJavaScriptErrors()` in browser tests
- Prefixing `Feature/` or `Unit/` in `{name}` when using `make:test`
.claude/skills/socialite-development/SKILL.md
+1 -1
View File
@@ -77,4 +77,4 @@ Socialite provides `Socialite::fake()` for testing redirects and callbacks. Use
- Redirect URL in `config/services.php` must exactly match the provider's OAuth dashboard (including trailing slashes and protocol).
- Do not pass `state`, `response_type`, `client_id`, `redirect_uri`, or `scope` via `with()` — these are reserved.
- Community providers require event listener registration via `SocialiteWasCalled`.
- `user()` throws when the user declines authorization. Always handle denied grants.
- `user()` throws when the user declines authorization. Always handle denied grants.
.claude/skills/tailwindcss-development/SKILL.md
+1 -1
View File
@@ -116,4 +116,4 @@ If existing pages and components support dark mode, new pages and components mus
- Using `@tailwind` directives instead of `@import "tailwindcss"`
- Trying to use `tailwind.config.js` instead of CSS `@theme` directive
- Using margins for spacing between siblings instead of gap utilities
- Forgetting to add dark mode variants when the project uses dark mode
- Forgetting to add dark mode variants when the project uses dark mode
.cursor/skills/configure-nightwatch/SKILL.md
+404
View File
@@ -0,0 +1,404 @@
---
name: configure-nightwatch
description: Configures Laravel Nightwatch data collection, sampling rates, filtering rules, and redaction policies. Use when setting up Nightwatch, managing data volume, protecting sensitive data (PII), or optimizing event collection for production workloads.
license: MIT
metadata:
author: laravel
---
# Nightwatch Configuration Guide
This skill helps configure Laravel Nightwatch data collection to balance observability, performance, and privacy. Covers sampling strategies, filtering rules, and redaction methods across all event types.
## Documentation Reference
The [Nightwatch Documentation](https://nightwatch.laravel.com/docs) is the definitive and up-to-date source of information for all Nightwatch configuration options. This skill provides practical guidance and common patterns, but always consult the official documentation as the primary source of truth for specific details, environment variables, and API behavior. The documentation includes comprehensive coverage of:
- [Filtering and Configuration](https://nightwatch.laravel.com/docs/filtering) - Core concepts for sampling, filtering, and redaction
- Individual event type pages with specific configuration options:
- [Requests](https://nightwatch.laravel.com/docs/requests) - Request sampling, header handling, payload capture
- [Commands](https://nightwatch.laravel.com/docs/commands) - Command sampling and redaction
- [Queries](https://nightwatch.laravel.com/docs/queries) - Query filtering and redaction
- [Cache](https://nightwatch.laravel.com/docs/cache) - Cache event filtering by key or pattern
- [Jobs](https://nightwatch.laravel.com/docs/jobs) - Job filtering and sampling decoupling
- [Mail](https://nightwatch.laravel.com/docs/mail) - Mail event filtering
- [Notifications](https://nightwatch.laravel.com/docs/notifications) - Notification filtering by channel
- [Exceptions](https://nightwatch.laravel.com/docs/exceptions) - Exception sampling and throttling
- [Outgoing Requests](https://nightwatch.laravel.com/docs/outgoing-requests) - HTTP request filtering
- [reference.md](reference.md) - Quick lookup table by event type, production presets, and verification checklist
## Data Collection Flow
Nightwatch processes events through three stages:
1. **Sampling** - Controls which entry points are captured (requests, commands, scheduled tasks)
2. **Filtering** - Excludes specific events after sampling (queries, cache, mail, etc.)
3. **Redaction** - Modifies captured data to remove/obfuscate sensitive information
```
Request/Command/Scheduled Task
|
v
[Sampling?] ----NO----> Drop entire trace
| YES
v
Events generated
|
v
[Filtering?] ----YES---> Drop specific event
| NO
v
[Redaction] ----------> Store modified data
```
---
## Sampling Configuration
Sampling determines which entry points (requests, commands, scheduled tasks) trigger full trace collection. When an entry point is sampled, all related events are captured.
### Global Sample Rates
Configure via environment variables:
```bash
# Default: 100% sampling (all requests/commands captured)
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1 # Recommended: 10% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0 # Capture all commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
```
**Recommendation**: Start with `0.1` (10%) for requests in production, adjust based on volume and needs.
### Route-Based Sampling
Apply different rates to specific routes using the `Sample` middleware:
```php routes/web.php
use Illuminate\Support\Facades\Route;
use Laravel\Nightwatch\Http\Middleware\Sample;
// Sample admin routes at 100%
Route::middleware(Sample::rate(1.0))->prefix('admin')->group(function () {
// All admin routes sampled fully
});
// Sample API routes at 5%
Route::middleware(Sample::rate(0.05))->prefix('api')->group(function () {
// API routes sampled sparingly
});
// Always sample critical endpoints
Route::post('/checkout', [CheckoutController::class, 'process'])
->middleware(Sample::always());
// Never sample health checks
Route::get('/health', [HealthController::class, 'check'])
->middleware(Sample::never());
```
### Unmatched Route Sampling
Handle 404/bot traffic with reduced sampling:
```php routes/web.php
Route::fallback(fn () => abort(404))
->middleware(Sample::rate(0.01)); // 1% sampling for unmatched routes
```
### Dynamic Sampling
Sample based on runtime conditions (user role, request attributes):
```php app/Http/Middleware/SampleAdminRequests.php
use Closure;
use Illuminate\Http\Request;
use Laravel\Nightwatch\Facades\Nightwatch;
class SampleAdminRequests
{
public function handle(Request $request, Closure $next)
{
if ($request->user()?->isAdmin()) {
Nightwatch::sample(); // Always sample admin requests
}
return $next($request);
}
}
```
### Command Sampling
Exclude specific commands from sampling:
```php AppServiceProvider.php
use Illuminate\Console\Events\CommandStarting;
use Illuminate\Support\Facades\Event;
use Laravel\Nightwatch\Facades\Nightwatch;
public function boot(): void
{
Event::listen(function (CommandStarting $event) {
if (in_array($event->command, ['schedule:finish', 'horizon:snapshot'])) {
Nightwatch::dontSample();
}
});
}
```
### Vendor Commands
Nightwatch automatically ignores framework/internal commands. Opt-in to capture them:
```php
Nightwatch::captureDefaultVendorCommands();
```
---
## Filtering Configuration
Filtering excludes specific events from collection after sampling. Use filtering to reduce noise and quota usage.
### Database Queries
**Filter all queries** (disable query collection):
```bash
NIGHTWATCH_IGNORE_QUERIES=true
```
**Filter specific queries** by SQL pattern:
```php AppServiceProvider.php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Query;
public function boot(): void
{
// Filter job table queries (PostgreSQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'into "jobs"');
});
// Filter cache table queries (MySQL)
Nightwatch::rejectQueries(function (Query $query) {
return str_contains($query->sql, 'from `cache`')
|| str_contains($query->sql, 'into `cache`');
});
}
```
### Cache Events
**Filter all cache events**:
```bash
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
```
**Filter by cache key patterns**:
```php
Nightwatch::rejectCacheKeys([
'my-app:users', // Exact match
'/^my-app:posts:/', // Regex: starts with my-app:posts:
'/^[a-zA-Z0-9]{40}$/', // Regex: session IDs
]);
```
**Filter with callback**:
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::rejectCacheEvents(function (CacheEvent $cacheEvent) {
return str_starts_with($cacheEvent->key, 'temp:');
});
```
### Mail Events
**Filter all mail**:
```bash
NIGHTWATCH_IGNORE_MAIL=true
```
**Filter specific mail**:
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::rejectMail(function (Mail $mail) {
return str_contains($mail->subject, 'Newsletter');
});
```
### Notification Events
**Filter all notifications**:
```bash
NIGHTWATCH_IGNORE_NOTIFICATIONS=true
```
**Filter by channel**:
```php
use Laravel\Nightwatch\Records\Notification;
Nightwatch::rejectNotifications(function (Notification $notification) {
return $notification->channel === 'database';
});
```
### Outgoing HTTP Requests
**Filter all outgoing requests**:
```bash
NIGHTWATCH_IGNORE_OUTGOING_REQUESTS=true
```
**Filter by URL**:
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::rejectOutgoingRequests(function (OutgoingRequest $request) {
return str_contains($request->url, 'analytics.example.com');
});
```
### Queued Jobs
**Filter specific jobs**:
```php
use Laravel\Nightwatch\Records\QueuedJob;
Nightwatch::rejectQueuedJobs(function (QueuedJob $job) {
return $job->name === 'App\Jobs\LowPriorityJob';
});
```
### Decoupling Job Sampling
Sample jobs independently from parent contexts:
```php
use Illuminate\Support\Facades\Queue;
public function boot(): void
{
Queue::before(fn () => Nightwatch::sample(rate: 0.5));
}
```
---
## Redaction Configuration
Redaction modifies captured data to remove or obfuscate sensitive information. Unlike filtering, redaction keeps the event but sanitizes its content.
### Request Redaction
**Redact sensitive headers** (automatically redacts: Authorization, Cookie, X-XSRF-TOKEN):
```bash
# Customize redacted headers
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-API-Key
```
**Redact request payloads** (disabled by default):
```bash
# Enable payload capture
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=true
# Customize redacted fields
NIGHTWATCH_REDACT_PAYLOAD_FIELDS=password,password_confirmation,ssn,credit_card
```
**Programmatic redaction**:
```php
use Laravel\Nightwatch\Facades\Nightwatch;
use Laravel\Nightwatch\Records\Request;
Nightwatch::redactRequests(function (Request $request) {
$request->url = str_replace('secret', '***', $request->url);
$request->ip = preg_replace('/\d+$/', '***', $request->ip);
});
```
### Query Redaction
```php
use Laravel\Nightwatch\Records\Query;
Nightwatch::redactQueries(function (Query $query) {
$query->sql = str_replace('secret_token', '***', $query->sql);
});
```
### Cache Redaction
```php
use Laravel\Nightwatch\Records\CacheEvent;
Nightwatch::redactCacheEvents(function (CacheEvent $cacheEvent) {
$cacheEvent->key = str_replace('user:', 'user:***:', $cacheEvent->key);
});
```
### Command Redaction
```php
use Laravel\Nightwatch\Records\Command;
Nightwatch::redactCommands(function (Command $command) {
$command->command = preg_replace('/--password=\S+/', '--password=***', $command->command);
});
```
### Exception Redaction
```php
use Laravel\Nightwatch\Records\Exception;
Nightwatch::redactExceptions(function (Exception $exception) {
$exception->message = str_replace('secret', '***', $exception->message);
});
```
### Mail Redaction
```php
use Laravel\Nightwatch\Records\Mail;
Nightwatch::redactMail(function (Mail $mail) {
$mail->subject = str_replace('Invoice #', 'Invoice ***', $mail->subject);
});
```
### Outgoing Request Redaction
```php
use Laravel\Nightwatch\Records\OutgoingRequest;
Nightwatch::redactOutgoingRequests(function (OutgoingRequest $outgoingRequest) {
$outgoingRequest->url = preg_replace('/api_key=\w+/', 'api_key=***', $outgoingRequest->url);
});
```
.cursor/skills/configure-nightwatch/reference.md
+108
View File
@@ -0,0 +1,108 @@
# Nightwatch Configuration Reference
## Configuration Summary by Event Type
| Event Type | Sampling | Filtering | Redaction |
| --------------------- | -------------------------------------------------- | ---------------------------------------------------------------------------- | ------------------------- |
| **Requests** | `NIGHTWATCH_REQUEST_SAMPLE_RATE`, Route middleware | Not applicable | Headers, payload, URL, IP |
| **Commands** | `NIGHTWATCH_COMMAND_SAMPLE_RATE`, Event listener | Not applicable | Command arguments |
| **Queries** | Parent context | `rejectQueries()`, `NIGHTWATCH_IGNORE_QUERIES` | SQL statement |
| **Cache** | Parent context | `rejectCacheKeys()`, `rejectCacheEvents()`, `NIGHTWATCH_IGNORE_CACHE_EVENTS` | Cache key |
| **Jobs** | Parent context, Queue::before | `rejectQueuedJobs()` | Not applicable |
| **Mail** | Parent context | `rejectMail()`, `NIGHTWATCH_IGNORE_MAIL` | Subject |
| **Notifications** | Parent context | `rejectNotifications()`, `NIGHTWATCH_IGNORE_NOTIFICATIONS` | Not applicable |
| **Outgoing Requests** | Parent context | `rejectOutgoingRequests()`, `NIGHTWATCH_IGNORE_OUTGOING_REQUESTS` | URL |
| **Exceptions** | `NIGHTWATCH_EXCEPTION_SAMPLE_RATE` | Not applicable | Exception message |
---
## Production Recommendations
### High-Traffic Applications
```bash
# Conservative sampling
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.01 # 1% of requests
NIGHTWATCH_COMMAND_SAMPLE_RATE=0.1 # 10% of commands
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0 # Always capture exceptions
# Filter noisy events
NIGHTWATCH_IGNORE_CACHE_EVENTS=true
NIGHTWATCH_IGNORE_QUERIES=true # Or filter specific queries programmatically
```
### Privacy-Conscious Applications
```bash
# Disable sensitive data collection
NIGHTWATCH_CAPTURE_REQUEST_PAYLOAD=false
NIGHTWATCH_REDACT_HEADERS=Authorization,Cookie,Proxy-Authorization,X-XSRF-TOKEN
# Or use redaction in AppServiceProvider
```
### Balanced Configuration (Recommended Start)
```bash
# Sample rates
NIGHTWATCH_REQUEST_SAMPLE_RATE=0.1
NIGHTWATCH_COMMAND_SAMPLE_RATE=1.0
NIGHTWATCH_EXCEPTION_SAMPLE_RATE=1.0
# Filter obvious noise programmatically
# Redact PII as needed
```
---
## Verification Checklist
After configuration:
- [ ] Sampling rates appropriate for traffic volume
- [ ] Noisy events filtered (cache, certain queries)
- [ ] Sensitive data redacted (PII, tokens, credentials)
- [ ] Exceptions always captured for debugging
- [ ] Test in development with `NIGHTWATCH_REQUEST_SAMPLE_RATE=1.0`
- [ ] Monitor event quota usage in Nightwatch dashboard
---
## Common Patterns
### Filter Health Checks + Reduce Sampling
```php
Route::get('/health', fn() => ['status' => 'ok'])
->middleware(Sample::never());
```
### Exclude Internal/Vendor Queries
```php
Nightwatch::rejectQueries(fn($q) =>
str_contains($q->sql, 'telescope') ||
str_contains($q->sql, 'pulse')
);
```
### Protect User Data in Cache Keys
```php
Nightwatch::redactCacheEvents(fn($e) =>
$e->key = preg_replace('/user:\d+/', 'user:***', $e->key)
);
```
.cursor/skills/configuring-horizon/SKILL.md
+1 -1
View File
@@ -82,4 +82,4 @@ protected function gate(): void
- The `environments` array overrides only the keys you specify. It merges into `defaults` and does not replace it.
- The timeout chain must be ordered: job `timeout` less than supervisor `timeout` less than `retry_after`. The wrong order can cause jobs to be retried before Horizon finishes timing them out.
- The metrics dashboard stays blank until `horizon:snapshot` is scheduled. Running `php artisan horizon` alone does not populate metrics.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
- Always use `search-docs` for the latest Horizon documentation rather than relying on this skill alone.
.cursor/skills/configuring-horizon/references/metrics.md
+1 -1
View File
@@ -18,4 +18,4 @@ A single manual run populates the dashboard momentarily but will not keep it upd
### `metrics.trim_snapshots` is a snapshot count, not a time duration
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
The `trim_snapshots.job` and `trim_snapshots.queue` values in `config/horizon.php` are counts of snapshots to keep, not minutes or hours. With the default of 24 snapshots at 5-minute intervals, that provides 2 hours of history. Increase the value to retain more history at the cost of Redis memory usage.
.cursor/skills/configuring-horizon/references/notifications.md
+1 -1
View File
@@ -18,4 +18,4 @@ Configure notifications in the `boot()` method of `App\Providers\HorizonServiceP
### Failed job alerts are separate from Horizon's documented notification routing
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
Horizon's 12.x documentation covers built-in long-wait notifications. Do not assume the docs provide a `JobFailed` listener example in `HorizonServiceProvider`. If a user needs failed job alerts, treat that as custom queue event handling and consult the queue documentation instead of Horizon's notification-routing API.
.cursor/skills/configuring-horizon/references/supervisors.md
+1 -1
View File
@@ -24,4 +24,4 @@ Auto-balancing suits variable load, but if a queue should always have exactly N
### Set `balanceCooldown` to prevent rapid worker scaling under bursty load
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
When using `balance: auto`, the supervisor can scale up and down rapidly under bursty load. Set `balanceCooldown` to the number of seconds between scaling decisions, typically 3 to 5, to smooth this out. `balanceMaxShift` limits how many processes are added or removed per cycle.
.cursor/skills/configuring-horizon/references/tags.md
+1 -1
View File
@@ -18,4 +18,4 @@ Adding a job class to the `silenced` array in `config/horizon.php` removes it fr
### `silenced_tags` hides all jobs carrying a matching tag from the completed list
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
Any job carrying a matching tag string is hidden from the completed jobs view. This is useful for silencing a category of jobs such as all jobs tagged `notifications`, rather than silencing specific classes.
.cursor/skills/debugging-output-and-previewing-html-using-ray/SKILL.md
+1 -1
View File
@@ -411,4 +411,4 @@ curl -X POST http://localhost:23517/ \
| `remove` | (empty) | Remove entry |
| `confetti` | (empty) | Confetti animation |
| `show_app` | (empty) | Show Ray window |
| `hide_app` | (empty) | Hide Ray window |
| `hide_app` | (empty) | Hide Ray window |
.cursor/skills/fortify-development/SKILL.md
+22 -2
View File
@@ -1,6 +1,6 @@
---
name: fortify-development
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), passkeys, profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, passkeys, WebAuthn, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
license: MIT
metadata:
author: laravel
@@ -32,6 +32,7 @@ Enable in `config/fortify.php` features array:
- `Features::updateProfileInformation()` - Profile updates
- `Features::updatePasswords()` - Password changes
- `Features::twoFactorAuthentication()` - 2FA with QR codes and recovery codes
- `Features::passkeys()` - Passwordless authentication with WebAuthn passkeys
> Use `search-docs` for feature configuration options and customization patterns.
@@ -50,6 +51,18 @@ Enable in `config/fortify.php` features array:
> Use `search-docs` for TOTP implementation and recovery code handling patterns.
### Passkeys Setup
```
- [ ] Add PasskeyAuthenticatable trait to User model and implement PasskeyUser
- [ ] Enable passkeys feature in config/fortify.php
- [ ] If the passkeys table migration is missing, publish via `php artisan vendor:publish --tag=fortify-migrations` and migrate
- [ ] Configure passkeys relying_party_id, allowed_origins, user_handle_secret, and timeout if defaults are not suitable
- [ ] Build UI with @laravel/passkeys for registration, login, confirmation, and deletion
```
> Use `search-docs` for passkey configuration options. For `@laravel/passkeys` frontend usage, refer to the package's README on npm.
### Email Verification Setup
```
@@ -128,4 +141,11 @@ Configure via `fortify.limiters.login` in config. Default configuration throttle
| Confirm 2FA | POST | `/user/confirmed-two-factor-authentication` |
| 2FA Challenge | POST | `/two-factor-challenge` |
| Get QR Code | GET | `/user/two-factor-qr-code` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |
| Passkey Login Options | GET | `/passkeys/login/options` |
| Passkey Login | POST | `/passkeys/login` |
| Passkey Confirm Options| GET | `/passkeys/confirm/options` |
| Passkey Confirm | POST | `/passkeys/confirm` |
| Passkey Options | GET | `/user/passkeys/options` |
| Register Passkey | POST | `/user/passkeys` |
| Delete Passkey | DELETE | `/user/passkeys/{passkey}` |
.cursor/skills/laravel-actions/SKILL.md
+1 -1
View File
@@ -299,4 +299,4 @@ Use these references for deep dives by entrypoint/topic. Keep `SKILL.md` focused
- Command entrypoint: `references/command.md`
- With attributes: `references/with-attributes.md`
- Testing and fakes: `references/testing-fakes.md`
- Troubleshooting: `references/troubleshooting.md`
- Troubleshooting: `references/troubleshooting.md`
.cursor/skills/laravel-actions/references/command.md
+1 -1
View File
@@ -157,4 +157,4 @@ $this->artisan('users:update-role 1 admin')
## References
- https://www.laravelactions.com/2.x/as-command.html
- https://www.laravelactions.com/2.x/as-command.html
.cursor/skills/laravel-actions/references/controller.md
+1 -1
View File
@@ -336,4 +336,4 @@ public function getAuthorizationFailure(): void
## References
- https://www.laravelactions.com/2.x/as-controller.html
- https://www.laravelactions.com/2.x/as-controller.html

Some files were not shown because too many files have changed in this diff Show More