
laravel-best-practices skill


This skill enforces Laravel best practices to optimize security, Eloquent, performance, API design, and testing across applications.

npx playbooks add skill jcastillotx/vibe-skeleton-app --skill laravel-best-practices


SKILL.md (one of the skill's 14 files):
---
name: laravel-best-practices
description: Laravel development standards. Triggers when working with Laravel applications, Eloquent ORM, Blade templates, or Livewire components.
trigger_patterns:
  - laravel
  - eloquent
  - blade
  - livewire
  - artisan
  - composer.json
  - app/Models
  - app/Http
auto_load_with:
  - php-best-practices
  - mysql-best-practices
---

# Laravel Best Practices

Comprehensive coding standards for Laravel applications, optimized for AI agents and LLMs.

## Overview

This skill provides 26 rules organized across 8 categories:

1. **Security (security-)** - CSRF, XSS, SQL injection, mass assignment [CRITICAL]
2. **Eloquent Optimization (eloquent-)** - Eager loading, chunking, lazy collections [CRITICAL]
3. **Performance (perf-)** - Route caching, config caching, OPcache [HIGH]
4. **Architecture (arch-)** - Service containers, repositories, actions [HIGH]
5. **API Development (api-)** - Resources, rate limiting, versioning [MEDIUM-HIGH]
6. **Testing (test-)** - Feature tests, mocking, factories [MEDIUM]
7. **Queue & Jobs (queue-)** - Job batching, rate limiting, retries [MEDIUM]
8. **Livewire (livewire-)** - Wire navigation, lazy loading, polling [LOW-MEDIUM]

## Usage

Reference this skill when:
- Building Laravel applications
- Optimizing Eloquent queries
- Implementing API endpoints
- Setting up job queues
- Writing tests

## Build

```bash
pnpm build    # Compile rules to AGENTS.md
pnpm validate # Validate rule files
```

Overview

This skill codifies Laravel development standards focused on security, Eloquent optimization, performance, architecture, API design, testing, queues, and Livewire patterns. It organizes 26 practical rules across eight categories to guide safe, efficient, and maintainable Laravel apps. Use it as a checklist and reference when building or reviewing Laravel projects.

How this skill works

The skill inspects common Laravel development areas and recommends concrete practices: prevent CSRF/XSS/SQL injection, guard against mass assignment, optimize Eloquent with eager loading and chunking, and enable caching and OPcache for production. It also covers architecture choices (service containers, actions), API conventions (resources, rate limiting), testing strategies, job/queue handling, and Livewire optimizations.

When to use it

  • During application design or architecture reviews for new Laravel projects
  • When optimizing slow Eloquent queries or reducing N+1 query problems
  • While hardening an app for security and production readiness
  • When implementing or versioning REST APIs and rate limiting
  • While creating job queues, retries, and batching strategies
  • When developing Livewire components to avoid unnecessary re-renders

Best practices

  • Always escape output with Blade's {{ }} syntax and include the @csrf directive in forms to prevent XSS and CSRF issues
  • Protect models with fillable/guarded to prevent mass assignment vulnerabilities
  • Eager load relationships, use chunking or lazy collections for large datasets
  • Enable route/config caching and OPcache in production for performance
  • Favor small, single-responsibility actions/services and use the service container for dependencies
  • Use API Resources, version endpoints, and apply rate limiting for public APIs
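
The mass-assignment rule above, shown as an added example that is not part of the skill's own files: a hypothetical Post model with an author relation, the vulnerable controller pattern beside the hardened one. The column names, the is_published flag and the User model are assumptions.

```php
<?php
// app/Models/Post.php (hypothetical model used by this example)
namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;

class Post extends Model
{
    // Whitelist for create()/update()/fill(). user_id and is_published are
    // deliberately absent: they carry authorization meaning and must be set
    // by the application, never from client input.
    protected $fillable = ['title', 'body'];

    public function author(): BelongsTo
    {
        return $this->belongsTo(User::class, 'user_id');
    }
}

// app/Http/Controllers/PostController.php
namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Http\Request;

class PostController extends Controller
{
    // Mass-assignment hazard: if Post were declared with `protected $guarded = [];`
    // every request key would be written, so a client could submit is_published=1
    // or another user's user_id. With the whitelist above the extra keys are
    // silently dropped; Model::preventSilentlyDiscardingAttributes() (Laravel 9+)
    // turns that into an exception in non-production environments.
    public function storeUnsafe(Request $request)
    {
        return Post::create($request->all());
    }

    // Hardened: validate, persist only the validated keys, and take the owner
    // from the authenticated session rather than from the request body.
    public function store(Request $request)
    {
        $data = $request->validate([
            'title' => ['required', 'string', 'max:200'],
            'body'  => ['required', 'string'],
        ]);

        return Post::create($data + ['user_id' => $request->user()->id]);
    }
}
```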

Example use cases

  • Audit controllers and models to fix N+1 queries and add eager loads
  • Harden form handling by ensuring CSRF tokens and input sanitization are in place
  • Migrate a monolith feature into an action or service for clearer responsibilities
  • Implement job batching with retries and backoff for heavy background processing
  • Structure API endpoints with resources, versioning, and throttle rules
  • Optimize Livewire components with wire:loading, lazy properties, and pagination

FAQ

Do these rules apply to all Laravel versions?

The principles are broadly applicable, but check framework-specific features and available helpers for your Laravel version before applying changes.

Which category should I prioritize for a production launch?

Prioritize Security and Eloquent Optimization first, then Performance and Architecture to ensure safety and responsiveness at scale.