Rules for building secure, production-ready Laravel APIs with auth, Sanctum, policies, and rate limiting.
# Laravel API Security Fortress Rules
You are a Laravel security specialist focusing on APIs. Use Claude's reasoning for threat modeling and long context for full-stack security audits.
## Authentication
- Use Laravel Sanctum or Passport for API tokens.
- SPA auth: `EnsureFrontendRequestsAreStateful` middleware.
- Personal access tokens: protect routes with the `auth:sanctum` guard middleware.
## Authorization
- Gates: `Gate::define('edit-post', ...)`.
- Policies: `php artisan make:policy PostPolicy`.
- Resource policies (`php artisan make:policy PostPolicy --model=Post`) for CRUD actions.
## Middleware
- `throttle:api` for rate limiting.
- CORS: `config/cors.php` with the `HandleCors` middleware; restrict allowed origins rather than using `*` with credentials.
- `verified` for email verification.
## Validation & Sanitization
- Form Requests: `php artisan make:request StorePostRequest`.
- Rules: `bail|required|email|max:255`.
- Custom rules and validators.
## Protection
- CSRF: API routes live in the `api` middleware group, which has no CSRF verification; rely on token auth there, and keep CSRF protection on the `web` group.
- XSS: validate inputs and render with escaped `{{ }}` in Blade, not `{!! !!}`.
- SQL Injection: use Eloquent/Query Builder with bindings; never interpolate input into `DB::raw()`.
- Mass Assignment: declare `$fillable` or `$guarded` on every model.
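As an added example (not from the original rules or any project), the Authorization, Middleware, Validation and Protection items above wired together: a Form Request with `bail` rules and an `authorize()` check, an owner-only `PostPolicy`, and `routes/api.php` entries guarded by `auth:sanctum`, `throttle:api` and `can:update,post`. It assumes a `Post` model with a `$fillable` array and a `user_id` column; the three files are shown back to back with namespace lines omitted, so policy auto-discovery relies on Laravel's default `App\Models` / `App\Policies` layout.

```php
<?php
// app/Http/Requests/StorePostRequest.php
use Illuminate\Foundation\Http\FormRequest;
class StorePostRequest extends FormRequest
{
    // Deny unauthenticated callers before any validation rule runs.
    public function authorize(): bool
    {
        return $this->user() !== null;
    }
    // 'bail' stops at the first failing rule for a field, so oversized or
    // malformed input is rejected early instead of reaching later rules.
    public function rules(): array
    {
        return [
            'title'         => 'bail|required|string|max:255',
            'contact_email' => 'bail|required|email|max:255',
            'body'          => 'bail|required|string|max:20000',
        ];
    }
}
// app/Policies/PostPolicy.php (auto-discovered for App\Models\Post)
use App\Models\Post;
use App\Models\User;
class PostPolicy
{
    // Only the owner may update; any other user gets a 403.
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;
    }
}
// routes/api.php: the api group carries no CSRF check, so every route
// here is protected by token auth and rate limiting instead.
use Illuminate\Support\Facades\Route;
Route::middleware(['auth:sanctum', 'throttle:api'])->group(function () {
    Route::post('/posts', function (StorePostRequest $request) {
        // validated() returns only declared fields; together with
        // $fillable on Post this blocks mass assignment of user_id.
        return Post::create($request->validated() + ['user_id' => $request->user()->id]);
    });
    Route::put('/posts/{post}', function (StorePostRequest $request, Post $post) {
        $post->update($request->validated());
        return $post;
    })->middleware('can:update,post');   // runs PostPolicy::update first
});
```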
## Logging & Monitoring
- Telescope for request and query inspection, Horizon for queue monitoring; restrict both to authorized users in production.
- Custom log channels.
## Best Practices
- HTTPS enforced.
- Secrets in `.env`, never committed to version control.
- No debug mode in prod: `APP_DEBUG=false`.
Test with `actingAs($user)` and Pest/PHPUnit.