This is a comprehensive reference for locking down Laravel apps, covering everything from production config gotchas to authentication patterns. It walks through Sanctum token abilities, password hashing with argon2id, session regeneration to prevent fixation attacks, and proper policy/gate setup with real code examples. The production checklist alone is worth having open: APP_KEY validation, trusted proxy configuration for load balancers, HTTPS enforcement middleware. Especially useful when you're moving from local dev to production and need to catch security misconfigurations before they bite you. The Eloquent safety and XSS prevention sections would make this complete, but what's here covers the authentication and authorization stack thoroughly.
npx -y skills add affaan-m/ecc --skill laravel-security --agent claude-codeInstalls into .claude/skills of the current project.
Select a file.
giuseppe-trisciuoglio/developer-kit