My new video on Laravel Daily channel.
NEW in Laravel 13.20: Image Manipulation
https://t.co/FsKGceMB3a
Unexpected MAJOR new feature in the framework.
And I was intrigued WHY/WHEN we need it, instead of using spatie/laravel-medialibrary or other packages.
New tool for Laravel devs!
EnvKit - Local Dev Stack for Windows & macOS
https://t.co/WNJo5Yhgu0
It's like Laravel Herd but with MORE tech-stack outside of Laravel:
- nginx/Apache
- MongoDB
- Python
- and more
what is agent looping
for the last two years we prompted agents one task at a time. that is starting to change
instead of asking an agent to build the landing page and then driving every step yourself, you set up a loop that handles discovery, planning, the work, checking, and iterating until the goal is met
looping is a setup you build. almost any agent harness can run it, it just depends on how you wire it up
at its simplest, looping is one agent working on itself:
> researches
> drafts
> checks the draft against a goal
> fixes what is weak
> runs that cycle again until the work clears the requirements
you are not prompting each step anymore. the agent repeats the cycle for you
the bigger version is a fleet looping. you give an orchestrator agent a goal, it breaks the goal into pieces, hands each piece to a specialist agent, and those specialists hand smaller jobs to their own subagents
the whole tree keeps looping through discovery, planning, execution, and verification until the goal is met
one agent looping is like a person redoing their own draft. a fleet looping is a whole team running a project end-to-end
you create a goal, and the system runs the loop until it finishes within the reqs you set
open and closed looping:
OPEN LOOPING is exploratory. it still has conditions and a goal, but you give the agent or the fleet a wide space to move in. it can try different paths, discover things, build something you did not fully spec out
this is the exciting end, it is what Peter and others are doing, and tbh it is where I want to spend more time
the catch is cost, an open loop with real room to explore burns an insane amount of tokens. for the 90 percent of people without an unlimited budget it is not runnable yet, and pointed at projects with a loose standard it turns into a slop machine
CLOSED LOOPING is bounded. a human designs the end-to-end path first:
> clear goal
> defined steps
> an eval at each step
> a point where it stops or hands back to you (and feeds back performance data)
the agents still loop, but inside framework you built. it gets better every run because each pass feeds the next, and it runs on a normal budget because the path is tight.
for most marketing work, closed is the one that pays off today.
> the orchestrator owns the goal
> the specialists own the steps
> the subagents do the narrow work
> an eval gate make sure its not slop
Hey Laravel Developers
We know that PHP handles memory management automatically, and objects are generally destroyed once they are no longer referenced.
However, sometimes it is still better to manually unset a variable and free up memory earlier, especially when working with long-running functions or scripts.
This is because a variable remains in scope until the function or script finishes execution.
Even if you no longer need the variable, PHP may continue holding the memory until it goes out of scope. By using unset(), you can release that memory sooner.
Check the code example below for a better understanding!
#laravel #php
Did you know that @nativephp has its own Laravel starter kit version?
So, you need only three terminal commands to see NativePHP starter-app on your phone.
Jump App is similar to Expo Go for React Native.
Read more in the docs: https://t.co/F8jQu6KUkM
Someone open-sourced a library of every tech logo you've ever needed as clean, optimized SVGs.
It's called developer-icons. here's what you get:
→ 200+ tech logos (React, HTML, JS, Docker, you name it) as real components
→ fully customizable size, color, stroke width per icon
→ scales to any resolution with zero quality loss
→ light/dark + wordmark variants built in
→ tree-shakeable, so your bundle only ships what you import
no more digging through Figma exports or pasting random SVGs you found on stack overflow.
npm i developer-icons import the icon, drop it in your JSX, done.
100% open source. MIT license. 2.1k stars.
New Laravel tool released 🚨
Laravel Moat, announced by @enunomaduro
It scans your org/repos and shows how well you're using GitHub’s built-in security features, with clear recommendations to improve.
I know this will be incredibly useful for me.
introducing laravel moat
as an open source maintainer, recent supply chain attacks in the ecosystem made me want a simple cli to audit the security of my GitHub organizations and repositories
built in Rust. for any open source project on GitHub
With new security incident(s), we PHP/Laravel devs probably should stop running `composer update` blindly, trusting the latest versions.
Modern apps are mostly DEPENDENCIES.
Security is no longer just about your code, SQL injections or XSS attacks on your website.
So, for packages, probably lock SPECIFIC versions.
Probably do not install anything "too fresh".
Consider NOT using external packages when possible/logical.
I'm currently writing a much longer tutorial with security recommendations, possibly will even turn it into a course.
🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). Payload runs at autoload time. At least 50 package versions were compromised.
If you installed a compromised version, the malware already executed. Pin to a clean COMMIT (not version) and rotate secrets immediately.
If your lockfile already had an older commit from before today, you are safe. But you should not update at the moment.
PHP developers used to have limited options for building AI agents: learn Python, or accept that raw API calls were as far as you'd get.
The Laravel AI SDK changed that.
Agents, tools, memory, streaming, vector search, and multi-agent workflows. All in Laravel, and all first-party.
Learn more about the AI SDK →
https://t.co/S1mUSVbnJr
When developing There There locally, nobody on our team ever types a password.
You just click a button to instantly log in as any kind of user: a trial admin, a pro member, even a fresh user that still needs onboarding.
Those buttons are powered by spatie/laravel-login-link, our free package that lets you log in as any user with a single click. It only works outside of production, so it's safe to leave in.
Package: https://t.co/M4ZhYFeFla
There There: https://t.co/pYgNIxR876
it has zero dependencies; this is a tool for all php developers
that means you can use it as a library developer, with @drupal, or with anything php-based
🚨 Security advisory: Composer 2.9.8 and 2.2.28 are out and fix a vulnerability leaking GitHub Actions new format GITHUB_TOKENs into job logs via error messages.
Update now (composer self-update) or disable affected Actions workflows.
#composerphp#phpc#php
Laravel developers now get websockets setup in ~40 seconds, for free, using https://t.co/L2kbFeHyOb and the new composer package 🔥
artisan vask:install will auth with https://t.co/64mTdrNgMK, give you a websocket app, and set those details in your .env file so you're ready to go 💪
Coming soon: your agent will register for you, no OAuth needed 😅