freek.dev / .freek-dev

You can't out-prompt an attacker -- to the model, your system instructions and a malicious support ticket are the same text. So stop defending the prompt and lock down the boundaries you actually control: tools scoped to the authenticated user server ...

Matthias writes that AI has shifted more of software development from typing to thinking, reviewing, and iterating. Nice reflection on how agentic coding, parallel worktrees, and voice dictation can slow individual features down while still ...

Flare now supports log collection for Laravel and PHP apps, with real-time filtering and search in the same polished interface. A nice overview of what logging adds and how to get started with the new SDK release.

Your Agent::fake() tests prove your Laravel AI feature runs -- not that its output is any good. This evals a real ticket classifier with the AI SDK: a golden dataset for the fields you can check, an LLM-as-judge for the free text you can't, and a ...

We built deep Livewire support into Flare, making component hierarchies, lifecycle phases, method calls, and related queries visible inside traces. It looks like a solid step forward for understanding where Livewire apps spend time and where things . ...

We shipped a Svelte 5 integration for Flare with an error boundary, component hierarchy reporting, and lifecycle-aware context. Looks especially useful for seeing which component broke, and where the error came from.

We shipped dedicated webpack and Next.js plugins for Flare that upload sourcemaps after each production build. Nice update, especially the Next.js wrapper that handles source map generation and cleanup for you.

Steve King explains why Tempest feels so nice for API work: typed request objects, declarative validation, route discovery, and a low-ceremony action flow. It is a good look at how the framework removes boilerplate without giving up clarity.

Daniel Petrica tells the story of how an unpatched Livewire vulnerability on a forgotten side project exposed Mailcoach API keys and led to 50,000 spam emails being sent. It is a useful reminder to keep dormant apps updated, and a good real-world ...

Michael Dyrynda shows how PHP 8.4 property hooks can replace simple computed getter methods with virtual properties. He makes the case for using them when you want a clean, property-based API for derived values.