Laravel 13 Archives - LaraCopilot

Laravel Enterprise Apps: Is the Framework Ready 2026?

Posted on April 29, 2026 by Avinash Vagh

Your enterprise stakeholders are skeptical. They’ve heard “Laravel is just for startups” or “PHP doesn’t scale.” Your board wants Java. Your investors mention .NET. But you’ve looked at the tech and you’re here to build the case with actual evidence.

This post is written for that exact situation: a CTO or technical founder who needs honest, current data on Laravel’s enterprise readiness not a sales pitch, not a PHP fanboy post, and not another generic list of framework features.

Here’s what the production evidence actually shows in 2026.

Real Companies, Real Scale Numbers

Before architecture theory, establish the baseline with production proof.

Disney uses Laravel across multiple internal platforms and subsidiary applications content management, partner portals, and internal tooling at a scale that handles millions of daily requests. This is publicly documented.

Twitch has Laravel confirmed in its ecosystem stack. A platform serving 30+ million daily active users with Laravel in the mix is a meaningful data point for any enterprise conversation.

The New York Times, WWE, Warner Bros, HSBC, PwC, and Siemens all run Laravel-powered applications. These are organisations with compliance requirements, security reviews, and infrastructure teams — not side projects.

The most telling case study for scale skeptics: Ghost’s publishing platform handles 14 million monthly requests with a single engineer, running on Laravel Cloud. That is a documented, public ratio of output to engineering headcount that no Java Spring Boot shop can match.

The honest framing most articles skip: large enterprises rarely run their entire stack on one framework. Laravel typically powers specific platforms, internal tools, or subsidiary products rather than the entire monolith. That is actually the correct pattern and the same one you’ll see with Rails and Django at enterprise scale.

Architecture Decision Framework

This is the section every competing post skips. They say “use DDD” or “consider a modular monolith” without telling you when to choose which. Here is a practical decision tree:

Use standard Laravel MVC when:

Team is under 10 engineers
Application scope is well-defined and unlikely to split into separate domains
You’re in validation phase and velocity matters most
Traffic target is under 5 million monthly requests

Use a modular monolith when:

Team is 10–50 engineers working across distinct business domains
You need domain isolation — billing, auth, notifications as separate modules without microservices operational overhead
You expect the codebase to live 5+ years
You want the ability to extract services later without a full rewrite

Laravel 13 makes this pattern significantly cleaner. The new Container Scoping feature allows genuinely isolated domain boundaries within a single codebase. Different domains can have separate service providers, separate config, and separate test suites while still deploying as one application.

Move toward microservices when:

Teams are 50+ engineers with clear service ownership and contracts
Individual services need dramatically different scaling (video processing vs user auth)
You need language-level flexibility — some services in Go or Python alongside PHP
You have a platform team capable of managing the operational overhead

The thing most posts never say: microservices are an organisational solution, not a technical one. If your engineering team doesn’t have clear domain ownership already working, microservices will make things worse. A modular monolith gives you most of the isolation benefits with a fraction of the complexity.

Laravel 2026 Enterprise Stack

If your enterprise evaluation is based on Laravel 5 or 6 impressions, you’re evaluating a different product. Here’s what the stack looks like now:

Component	What It Does for Enterprise
Laravel Octane	Keeps the app permanently in memory via Swoole or RoadRunner. 5–10x throughput improvement on I/O-heavy workloads. Removes the most common PHP performance objection in enterprise conversations.
Laravel Horizon	Production-grade queue management — jobs per minute, failed job tracking, worker monitoring, alerts. Operational visibility your infrastructure team expects.
Laravel Pulse	Real-time monitoring dashboard built into the framework. Active sessions, slow queries, failed jobs, cache hits, queue throughput — without a third-party APM subscription.
Laravel Cloud	Auto-scaling, zero-downtime deployments, managed queue workers, and edge caching. Eliminates infrastructure management burden for teams without dedicated specialists.
Laravel Telescope	Debugging and introspection for development and staging. Every request, query, job, mail, and log entry captured and searchable.

Combined: high throughput via Octane, operational visibility via Horizon and Pulse, managed infrastructure via Cloud, deep debugging via Telescope. That is a complete enterprise observability and deployment story.

NEW: Laravel Private Cloud — April 2026

Taylor Otwell announced Laravel Private Cloud in April 2026, directly addressing the final objection in enterprise procurement conversations: dedicated, compliant, isolated infrastructure.

What Laravel Private Cloud delivers:

Isolated VPCs — Dedicated nodes, private networking gateways, and routing tables with VPC peering for secure integration
Zero shared resources — No cross-tenant infrastructure. Fully isolated cluster for maximum privacy and compliance
SOC 2 Type II certified — Meets the audit requirements that enterprise procurement teams require by default
PCI-DSS compliant — Opens Laravel to payment-handling enterprise applications and fintech workloads
DDoS mitigation — Cloudflare partnership with bespoke enterprise-level protection
SSO/SAML — Removes password management overhead; integrates with corporate identity providers
Private endpoints — All services accessed via private endpoints, eliminating external exposure
Laravel Cloud API + CLI — Programmatic control for automation and integration with existing DevOps workflows
Custom SLA guarantees — Dedicated Solutions Architect and 24/7 support by Laravel experts

Taylor Otwell, April 2026: “For years, it felt like ‘Laravel’ and ‘enterprise’ were treated like separate conversations. Startups used Laravel. Big companies used something heavier, slower, and more expensive. That’s over. Laravel Private Cloud gives you isolated infrastructure, dedicated nodes, private networking, SOC 2 Type II, and PCI-DSS compliance. Same Laravel DX. Same one-minute deploys. Now with the controls your security team actually needs.”

This announcement materially changes the enterprise conversation. The argument that “Laravel lacks enterprise-grade infrastructure” is now factually incorrect. Isolated VPCs, SOC 2 Type II, PCI-DSS, and SSO/SAML are the checklist items enterprise security teams use in procurement reviews. Laravel Private Cloud delivers all of them, with the same developer experience the framework has always offered.

Security and Compliance

Built-in security is table stakes, every Laravel post covers it. CSRF protection, XSS prevention, SQL injection protection via the query builder, bcrypt password hashing, AES-256 encryption. These are defaults, not configurations.

What no competing post covers is the compliance layer which matters most for your target markets.

GDPR (Germany, Switzerland, EU)

Laravel’s architecture supports compliance through built-in encryption, audit logging via packages like owen-it/laravel-auditing, soft deletes for right-to-erasure workflows, and policy-based authorization for data access control. Pair with spatie/laravel-personal-data-export for data subject access request handling. The framework gives you clean primitives — the architecture determines the compliance.

SOC 2 Readiness (US, UK)

Audit trails, access logging, and change tracking are achievable with the standard ecosystem. Horizon provides job audit history. Telescope captures request logs. The event system makes it straightforward to emit compliance-relevant events to a SIEM. Role-based access control via spatie/laravel-permission satisfies least-privilege access requirements.

Laravel Cloud is now SOC 2 Type II certified meaning your hosting environment carries certification alongside your application-level controls.

PCI-DSS and Fintech Workloads

With Laravel Private Cloud’s PCI-DSS compliance, Laravel applications can now operate in payment card environments that previously required more restricted infrastructure. The private networking, isolated VPCs, and certified infrastructure stack remove the compliance blockers for fintech and payment-adjacent enterprise applications.

HIPAA-Adjacent Applications

Laravel supports database-level encryption for PHI fields, audit logging, and access controls. HIPAA compliance remains an infrastructure and process concern as much as a code concern. Private Cloud’s isolated, private-networking infrastructure is a meaningful step toward meeting those requirements.

The honest summary: Laravel provides the building blocks for compliance in regulated markets. Private Cloud now provides certified infrastructure. Treat compliance as an architecture decision, not just a framework question.

When Laravel is NOT the Right Choice

Every post on this topic tells you Laravel is perfect for enterprise. A CTO will see through that immediately. Here is where Laravel is the wrong call:

When your team has zero PHP context. If your engineering organisation runs entirely on Go, Java, or .NET, the switching cost is real. A strong Java team will outperform a reluctant PHP team on Laravel every single time. Framework choice follows team capability, not the other way around.

When you need sub-millisecond latency at extreme throughput. Laravel with Octane is fast. It is not Go or Rust fast. For real-time financial systems processing hundreds of thousands of transactions per second, language-level overhead matters. Octane closes the gap significantly, but at the extreme performance ceiling, it won’t close it entirely.

When your architecture is pure microservices with high-frequency inter-service communication at the core. Laravel is excellent for individual services in a microservices mesh, but is not optimised for extreme-throughput gRPC communication or complex event-sourcing at the infrastructure level.

When your organisation has a mandated technology list. Some enterprises run approved stacks for regulatory or vendor support reasons. If PHP/Laravel isn’t on the list, framework quality is irrelevant.

Acknowledging these limitations directly is what separates an honest technical evaluation from marketing. It also builds more trust with sceptical stakeholders than a list of capabilities does.

How to Make the Case Internally

If you’re a Laravel technical lead trying to get enterprise sign-off, here are the arguments that actually move the conversation:

Objection	The Response
On cost	A senior Laravel developer commands $90–130k in the US. A comparable Java Spring Boot engineer is $120–160k. PHP/Laravel talent availability is significantly higher globally. For a 5-engineer team, the salary delta alone is $150–200k annually before accounting for reduced time-to-market.
On velocity	Laravel’s convention-over-configuration approach means new engineers become productive in days, not weeks. Teams consistently ship 30–40% faster on Laravel compared to more verbose enterprise frameworks.
On risk	Laravel 13 has LTS support. Spatie — the largest Laravel package organisation — maintains packages used by hundreds of thousands of production applications. The framework has been in continuous active development since 2011.
On performance	Lead with the Ghost case study: 14 million monthly requests, one engineer. Then bring up Disney and Twitch. The burden of proof belongs with the “Laravel doesn’t scale” claim, not with you.
On security & compliance	Laravel Cloud is SOC 2 Type II certified. Laravel Private Cloud adds PCI-DSS, isolated VPCs, private networking, and SSO/SAML. The framework patches critical vulnerabilities fast — the security changelog transparency is itself an enterprise-positive signal.
On infrastructure	Laravel Private Cloud delivers dedicated infrastructure with zero shared resources — the same isolation guarantee your security team demands from AWS or Azure private deployments, with Laravel-native tooling and one-minute deploys.

Filling the Gaps Competitors Miss

After reviewing the top five ranking posts on “laravel enterprise,” the pattern is clear: they all cover the same security bullet points, the same company name drops, and the same generic scalability claims. None of them give you a decision framework. None of them cover compliance for specific markets. None of them tell you when not to use the framework. And none of them have updated for Laravel Private Cloud.

Those are exactly the sections a CTO reading this at 11pm needs not reassurance, but architecture guidance and honest tradeoffs they can take into a board conversation or a procurement review.

The evidence in 2026 is strong. Laravel powers serious applications at serious scale, in regulated industries, in markets with strict compliance requirements. The companies that run it well made deliberate architectural choices queue-driven background processing, Redis caching strategy, modular domain boundaries, horizontal scaling plan. The framework enables the velocity. The architecture enables the scale. And now the platform enables the compliance.

LaraCopilot for Enterprise Prototyping

One pattern enterprise Laravel teams are adopting in 2026: using AI-assisted building to prototype and validate architecture decisions before committing full engineering resources.

Before a team of five engineers spends eight weeks building a modular monolith for a new internal tool, a technical lead can use LaraCopilot to generate a working Laravel prototype — authentication, role-based access, database schema, API endpoints in hours. That prototype becomes the architectural reference point for the full build. Edge cases surface early. Stakeholders see working software instead of a specification document.

LaraCopilot generates enterprise-pattern code by default: service layers, event-driven architecture, queue-driven background processing, proper access control. The prototype starts with the right foundation, not scaffolding you’ll rip out later.

For teams targeting Laravel Private Cloud deployments, LaraCopilot’s generated apps follow the Laravel conventions that deploy cleanly to Private Cloud environments giving you a validated prototype ready for enterprise infrastructure from day one.

Try Enterprise-Grade AI →

Laravel Sanctum vs Passport 2026: Which Auth to Use?

Posted on April 27, 2026June 1, 2026 by Dhaval Joshi

Laravel has four first-party authentication packages. The documentation covers what each one does. What it doesn’t tell you clearly, at least is when to use each one and why the others would be wrong for that situation.

If you’ve spent time flipping between the Sanctum docs and the Passport docs trying to figure out which one your app actually needs, this is the post that should have existed from the beginning.

Short Answer

What you’re building	Use this
SPA (React, Vue, Next.js) talking to a Laravel API	Sanctum (cookie auth)
Mobile app consuming a Laravel API	Sanctum (API tokens)
Internal tool, admin panel, simple web app	Breeze or Fortify + session auth
Public API for third-party developers	Passport (full OAuth 2.0)
Your app needs to act as an OAuth provider (Login with YourApp)	Passport
B2B SaaS where other companies need to connect programmatically	Passport

Most apps: Sanctum. Apps that need OAuth: Passport. UI-only apps: Breeze. That’s 80% of the decision. The rest of this post is for the 20% where it’s less obvious.

Full Picture: Four Packages, Four Purposes

The confusion happens because the names don’t explain the purpose clearly. Here’s the one-line version of each:

Sanctum — Lightweight token and cookie auth for your own front-end clients
Passport — Full OAuth 2.0 server for third-party API consumers
Fortify — Headless auth backend (login, register, 2FA, email verify) — no UI
Breeze — Scaffolded auth UI (Blade, Vue, React starter kit) built on Fortify

Fortify and Breeze handle traditional session-based authentication for web apps. Sanctum and Passport handle API authentication. That’s the first split.

Within API auth, the choice between Sanctum and Passport comes down to one question: are you building auth for your own front-end, or for third-party developers?

Laravel Sanctum: What It Actually Does

Sanctum is the right default for most Laravel APIs in 2026. Here’s why.

It handles two distinct authentication scenarios and it’s worth understanding both because they use different mechanisms.

Sanctum: SPA Authentication (Cookie-based)

When your SPA (React, Vue, Nuxt, Next.js) is served from the same top-level domain as your Laravel API, Sanctum uses standard session cookies. Your SPA calls /sanctum/csrf-cookie to initialize the CSRF token, then authenticates with /login. From that point on, the session cookie handles all subsequent requests, the same way a traditional web app works.

This is significant because cookie-based auth with CSRF protection is more secure than storing a token in localStorage. There’s no bearer token to steal via XSS. The session lives in an HttpOnly cookie that JavaScript can’t touch.

The practical requirement: your SPA and your API need to share a top-level domain. app.yoursite.com + api.yoursite.com works. yoursite.com + different-backend.com doesn’t.

Sanctum: API Token Authentication

For mobile apps, CLI tools, or any client that can’t use cookies, Sanctum provides API tokens. A user authenticates once and receives a token. That token is stored on the client and sent as a bearer token on every subsequent request.

Sanctum tokens are intentionally simple compared to OAuth. There are no refresh tokens, no token expiry by default (though you can configure it), no authorization scopes per-client. A token either works or it doesn’t.

This simplicity is the point. If you’re building a mobile app that authenticates as a specific user and needs to call your API, Sanctum handles this with almost no overhead.

What Sanctum doesn’t do

Sanctum has no concept of OAuth clients, authorization flows, or delegated access. It can’t generate “login with YourApp” flows. It can’t issue scoped tokens to third-party developers who want to build on top of your platform. It doesn’t support authorization code flows, client credentials flows, or any other OAuth grant type.

For all of that, you need Passport.

Laravel Passport: What It Actually Does

Passport is a full OAuth 2.0 authorization server implementation for Laravel. That sentence matters: it’s an authorization server, not just an auth library. When you install Passport, your Laravel app becomes capable of acting as an OAuth provider, the way GitHub, Google, or Stripe act as OAuth providers.

What OAuth 2.0 actually means in practice

OAuth 2.0 is a protocol for delegated authorization. It lets a user grant a third-party application limited access to your API on their behalf, without giving that application the user’s credentials.

When you build with Passport, you can:

Issue authorization codes to third-party developers
Manage OAuth clients (applications registered to use your API)
Define scopes that limit what a token can access
Support multiple grant types: authorization code, client credentials, password, implicit
Issue refresh tokens for long-lived access
Build a “Login with YourApp” flow that other apps can implement

This is powerful infrastructure. It’s also infrastructure most apps don’t need.

When Passport is actually the right choice

You’re building a public API platform. If developers outside your company will be building applications that connect to your API, you need OAuth. Personal access tokens from Sanctum are for your own front-ends. OAuth clients are for everyone else’s.

Your app needs to be an OAuth provider. If you want other apps to offer “Login with YourApp” or “Connect YourApp Account” like Slack’s OAuth login, Stripe Connect, or Shopify’s Partner API — that’s Passport.

B2B integrations that require scoped, auditable access. If companies will be connecting their systems to your API and you need to manage which client has which permissions, revoke access per-client, and audit API usage by OAuth client, Passport gives you that infrastructure.

Machine-to-machine auth (client credentials flow). If you have separate services that need to talk to your API without a human user in the loop, Passport’s client credentials grant handles this cleanly.

What Passport costs you

Passport is heavier than Sanctum. It requires more infrastructure (it creates several database tables for clients, tokens, and auth codes), has more configuration surface area, and takes longer to understand and set up correctly.

The bigger cost is conceptual overhead. OAuth 2.0 has real complexity — grant types, scopes, token introspection, refresh flows. If your team doesn’t need OAuth and you install Passport because it seemed more “complete,” you’re carrying that complexity with no benefit.

Fortify and Breeze: Where They Fit

Since these come up in every auth discussion, here’s where they actually live in the stack.

Fortify is a headless authentication backend. It implements login, registration, password reset, email verification, and two-factor authentication but it has no UI. It’s designed to be the auth engine that Breeze and other front-end starters are built on top of. You’d use Fortify directly if you’re building a custom UI and want the backend auth logic handled without opinions on your front-end.

Breeze is a starter kit — authentication scaffolding with a UI included. It comes in Blade, Livewire, Vue (Inertia), and React (Inertia) flavors. If you’re building a traditional web app and want a working login/register/reset flow out of the box, Breeze is the fastest starting point. It uses session-based auth, which is exactly right for browser-rendered applications.

Neither Fortify nor Breeze is an API authentication solution. They’re session-based web authentication. For API auth, you’re back to choosing between Sanctum and Passport.

Decision Tree

Work through this when you’re making the call:

Is any part of your app a traditional web app with Blade views (not an SPA)?

Yes → Use Breeze (if you want scaffolded UI) or Fortify (if you’re building your own UI). These handle session auth for you.

No, it’s all API → Continue.

Will third-party developers outside your company be consuming your API, or will your app act as an OAuth provider?

Yes → Passport

No → Sanctum

Within Sanctum, which authentication method?

Is your front-end a SPA on the same top-level domain as your API?

Yes → Use Sanctum’s cookie-based SPA auth

No (mobile app, CLI, external client) → Use Sanctum’s API tokens

If you get to the end and you’re still unsure: use Sanctum. You can always migrate to Passport later if you need OAuth. Going from Sanctum to Passport is an additive change. The reverse stripping out Passport because you realized you didn’t need it is more painful.

Common Scenarios, Definitive Answers

“I’m building a React SPA backed by a Laravel API.”

Sanctum, cookie auth. Your React app and Laravel API should share a domain (or subdomain). Run through the CSRF init flow, use /login to authenticate, and every subsequent API call uses the session cookie. No tokens on the client.

“I’m building a mobile app (iOS/Android) that needs to call a Laravel API.”

Sanctum, API tokens. Mobile apps can’t use cookie-based session auth properly. Issue a token on login, store it securely in the native keychain, send it as a bearer token on API calls.

“I’m building a SaaS and want to let customers connect our product to their other tools (Zapier, Slack, custom integrations).”

Passport. You need OAuth clients, scopes, and the authorization code flow so third-party tools can request access on behalf of your users.

“I’m building an internal tool for our company — no external API access.”

Breeze or Fortify with session auth. You don’t need API token auth at all. Sessions are simpler, more secure for web apps, and require no client-side token management.

“I’m building a B2B SaaS where enterprise customers want to integrate with us via API.”

Passport, specifically the client credentials flow for machine-to-machine, and the authorization code flow for user-delegated access. You’ll want to define scopes so customers can limit what their API keys can do.

“I just need API auth and I’m not sure what the front-end will look like yet.”

Sanctum with API tokens. It’s simple to set up, easy to test, and you can layer in cookie auth for an SPA later or switch to Passport if you end up needing OAuth. Don’t install Passport speculatively.

Note on Token Security

One thing the docs underemphasize: how you store and transmit tokens matters as much as which package you use.

Never store API tokens in localStorage. XSS vulnerabilities can steal localStorage contents. A stolen Sanctum API token is just as bad as a stolen password. If you’re building an SPA, use Sanctum’s cookie auth, the session is stored in an HttpOnly cookie that JavaScript can’t read.

For mobile apps, use the platform keychain. iOS Keychain and Android Keystore are designed for this. Don’t store tokens in shared preferences or local files.

Scope Passport tokens appropriately. If you’re using Passport, define narrow scopes and grant clients only what they need. A token that can do everything is a bigger blast radius if it’s compromised.

Set token expiration. Sanctum tokens don’t expire by default. For production APIs, add expiration via the expiration config. For Passport, set appropriate token lifetimes for your use case — short-lived access tokens with longer-lived refresh tokens is the standard pattern.

How LaraCopilot Handles Auth

One of the things developers consistently get wrong when setting up new Laravel projects is choosing and wiring auth before they’ve fully defined what they’re building. You end up installing Passport, then realizing you don’t need OAuth, then ripping it out.

LaraCopilot generates auth scaffolding based on what you’re building, not as a separate step. Describe your app, “a SaaS with a React front-end and a mobile companion app” and it wires Sanctum for both the cookie-based SPA auth and the mobile API token auth. Describe a platform API that external developers will consume and it scaffolds Passport with sensible defaults.

The generated code follows current Laravel best practices for whichever auth package is appropriate. You’re not starting from scratch or copy-pasting documentation examples, you get a working foundation you can immediately build on.

Read more about generating a full-stack Laravel app with auth already configured: Generate a Laravel Full-Stack App with AI

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

Bottom Line

The mental model that makes this click: Sanctum is for auth between your app and your own clients. Passport is for auth between your app and everyone else’s clients.

If you’re building a web app, SPA, or mobile app that talks to your own Laravel backend, Sanctum handles it and it handles it more simply and securely than Passport for that use case.

If you’re building infrastructure that other developers or companies will connect to, that’s an OAuth problem, and Passport is the right tool.

Don’t install Passport because it sounds more enterprise or more complete. Install it because you need an OAuth authorization server. That’s what it’s for.

Generate Auth Setup →

Laravel Filament AI: Generate Admin Panels in Minutes

Posted on April 24, 2026 by Dhaval Joshi

You know Filament is the best admin panel framework for Laravel. But you’re still hand-writing every Resource, Form, Table, and Filter. There’s a faster way and it ships today.

Why Filament became the go-to Laravel admin

If you’ve built more than two Laravel applications in the last couple of years, you’ve almost certainly landed on Filament. It’s the admin panel framework that finally got everything right: beautiful UI out of the box, a component system that’s actually pleasant to use, first-class Livewire integration, and an ecosystem of plugins that covers nearly every use case.

As of 2026, Filament has crossed 30,000+ GitHub stars and is regularly the most-recommended answer whenever someone asks “what’s the best Laravel admin panel?” on Reddit, Laracasts, or Twitter/X. There’s a reason for that.

**30k+**GitHub stars
#1 Laravel admin panel
**856+**community plugins
v3current stable version

Filament v3 took everything good about v2 and made it dramatically more composable. You can now build multi-panel apps, use standalone components outside admin contexts, and the make:filament-resource command generates a clean starting point in seconds.

But here’s the thing: “a clean starting point” is still just that — a starting point.

Repetition problem every Laravel freelancer hits

Let’s be honest about what building an admin panel with Filament actually looks like in practice. You’ve got a Product model with 15 fillable fields. You run:

php artisan make:filament-resource Product --generate

Filament scaffolds a resource file. Great! Except now you need to:

Go into the form() method and configure each field — decide between TextInput, Select, Toggle, RichEditor, FileUpload, etc.
Set validation rules on each form field
Go into the table() method and pick which columns to display, set sortable/searchable flags, add badges for status fields
Wire up relationships — BelongsTo dropdowns, HasMany repeaters
Add filters — SelectFilter, TernaryFilter, date ranges
Configure bulk actions, row actions, and header actions
Do this for every single model in your project

On a medium Laravel project, say 12–15 Eloquent models — this manual CRUD setup easily consumes two to three full days of dev time. Days you’d rather spend on the actual custom logic that makes your client’s app unique.

“I love Filament. I hate that I spend 40% of my project time doing mechanical setup that any halfway-decent AI should be able to do for me.”

— Common sentiment in the Filament Discord

This is the problem. And it has a solution now.

Where Laravel Filament AI enters the picture

The idea of Laravel Filament AI generation isn’t just about writing less code, it’s about eliminating the entire mechanical translation layer between “I have this database schema / model” and “I have a fully working Filament resource.”

Modern AI models understand Laravel’s conventions deeply enough to make smart decisions: they know that a status column with an enum cast should probably be a Select with a Badge column in the table. They know a body text field should default to a RichEditor. They know a user_id foreign key should generate a Select::make('user_id')->relationship('user', 'name').

That contextual understanding is what makes AI-generated Filament resources genuinely useful — not just syntactically correct boilerplate, but semantically appropriate code that you’d actually write yourself.

→ The key insight: You’re not replacing Filament with AI. You’re using AI to instantly generate the Filament code that would take you hours to write by hand then you edit the 20% that needs customization.

How LaraCopilot generates Filament resources

LaraCopilot is a Laravel vibe coding AI tool which is also Laravel admin generator. Instead of generic code generation, it’s trained specifically on Filament v3 patterns, community best practices, and real-world resource structures.

Here’s what it takes as input:

Your Eloquent model (paste the class or provide the model name)
Your migration file or a description of your database schema
Optional: any specific UI preferences (e.g., “use tabs for the form”, “add soft delete actions”)

And here’s what it generates:

A complete XxxResource.php with form() and table() fully configured
Appropriate field types based on column names, types, and cast inference
Relationship fields wired up using your model’s defined relations
Table columns, sortable/searchable flags, and status badges where applicable
Filters including date ranges and relationship filters
Standard actions: view, edit, delete, bulk delete with soft delete support if detected
Optional: separate CreateXxx and EditXxx page classes if you prefer that structure

The whole generation runs in under 10 seconds. You get clean, readable, production-grade Filament code not an unreadable soup of auto-generated spaghetti.

Step-by-step: from schema to working admin panel

Paste your model or migration into LaraCopilot Head to LaraCopilot and paste your Eloquent model. The generator reads your $fillable, $casts, and any relationship methods you’ve defined.
Choose your generation option Select your Filament version (v3 by default), whether you want simple or full resource pages, and any UI preferences like form tabs or wizard steps for complex models.
Review and generate LaraCopilot shows you a preview of the resource structure before generating. You can tweak field types, reorder columns, or exclude fields you don’t want in the admin.
Copy the output into your project Drop the generated file into app/Filament/Resources/. It works immediately. Run your app and the resource appears in your Filament panel navigation.
Customize the 20% that’s unique to your project Add custom business logic, tweak validation, adjust layout — the generated code is clean and readable, so customization is fast.

Real code output examples

Let’s make this concrete. Here’s a simple Product model:

class Product extends Model
{
    use HasFactory, SoftDeletes;

    protected $fillable = [
        'name', 'slug', 'description', 'price',
        'status', 'category_id', 'is_featured', 'published_at'
    ];

    protected $casts = [
        'price'        => 'decimal:2',
        'is_featured'  => 'boolean',
        'published_at' => 'datetime',
        'status'       => ProductStatus::class,
    ];

    public function category(): BelongsTo
    {
        return $this->belongsTo(Category::class);
    }
}

LaraCopilot generates this Filament resource:

public static function form(Form $form): Form
{
    return $form->schema([
        Section::make('Product details')->schema([
            TextInput::make('name')
                ->required()
                ->maxLength(255)
                ->live(onBlur: true)
                ->afterStateUpdated(fn (Set $set, $state) =>
                    $set('slug', Str::slug($state))
                ),
            TextInput::make('slug')
                ->required()
                ->unique(ignoreRecord: true),
            RichEditor::make('description')
                ->columnSpanFull(),
        ])->columns(2),

        Section::make('Pricing & status')->schema([
            TextInput::make('price')
                ->numeric()
                ->prefix('$')
                ->required(),
            Select::make('status')
                ->options(ProductStatus::class)
                ->required(),
            Select::make('category_id')
                ->relationship('category', 'name')
                ->searchable()
                ->preload(),
            Toggle::make('is_featured'),
            DateTimePicker::make('published_at'),
        ])->columns(2),
    ]);
}

public static function table(Table $table): Table
{
    return $table
        ->columns([
            TextColumn::make('name')->searchable()->sortable(),
            TextColumn::make('category.name')->badge()->sortable(),
            TextColumn::make('price')->money('USD')->sortable(),
            BadgeColumn::make('status')
                ->colors([
                    'success' => ProductStatus::Active,
                    'warning' => ProductStatus::Draft,
                    'danger'  => ProductStatus::Archived,
                ]),
            IconColumn::make('is_featured')->boolean(),
            TextColumn::make('published_at')->dateTime()->sortable(),
        ])
        ->filters([
            SelectFilter::make('status')->options(ProductStatus::class),
            SelectFilter::make('category')->relationship('category', 'name'),
            TernaryFilter::make('is_featured'),
            Filter::make('published_at')->form([
                DatePicker::make('published_from'),
                DatePicker::make('published_until'),
            ]),
            TrashedFilter::make(), // detected SoftDeletes
        ])
        ->actions([...])
        ->bulkActions([...]);
}

✦Notice the auto-slug generation wired to the name field, the TrashedFilter automatically added because SoftDeletes was detected on the model, and the enum-aware BadgeColumn colors. This is not generic scaffolding, it’s contextually appropriate Filament code.

Manual vs AI-generated: time comparison

Here’s a realistic time breakdown for building out a Laravel admin with 10 models, comparing a fully manual Filament approach versus using LaraCopilot as your filament admin builder:

Task	Manual Filament	LaraCopilot + Filament
Generate resource files (10 models)	10 min (artisan)	2 min
Configure form fields	~4 hours	~20 min review + tweak
Configure table columns + sorting	~2 hours	~10 min
Add filters	~1.5 hours	~10 min
Wire up relationships	~2 hours	~15 min
Custom business logic	~3 hours	~3 hours (same)
Total	~12.5 hours	~4 hours

That’s roughly 3x faster on the admin panel setup alone — time you can reinvest in the features that actually differentiate your client’s product, or use to take on an additional project.

For Laravel freelancers billing hourly, this is a direct profit multiplier. For those on fixed-price projects, it’s the difference between a healthy margin and a project that barely breaks even.

Who this is for (and who it isn’t)

This is a strong fit if you’re a Laravel freelancer who:

Builds client projects with content-heavy backends (blogs, ecommerce, SaaS dashboards, CRMs)
Regularly uses Filament and knows the framework well enough to review generated code
Finds yourself spending 30–40% of project time on repetitive admin CRUD setup
Works across multiple simultaneous projects and needs to move fast without sacrificing code quality

It’s less useful if:

You’re building a highly unconventional admin with very custom UI that doesn’t follow standard resource patterns
Your project has fewer than 4–5 Filament resources (the time savings are smaller)
You’re completely new to Filament and won’t be able to review or understand the generated code

→ The generator works best for developers who know Filament well, it accelerates experts, it doesn’t replace the need to understand what’s being generated.

If you’re newer to Filament, the LaraCopilot getting started guide walks you through reading and understanding the generated output before you start customizing it.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

Stop writing Filament boilerplate by hand.

Paste your model. Get a production-ready Filament resource in under 10 seconds.

No credit card required for your first three resources.

Generate Admin Panel in Plain English with AI →

Laravel Testing with AI: Write Pest and PHPUnit Fast

Posted on April 19, 2026 by Dhaval Joshi

Everyone agrees testing is important.

Most teams still don’t do it properly.

Not because they don’t understand it.

But because it slows everything down.

You finish building a feature. It works. You move on.

Tests become “something we’ll add later.”

And later rarely comes.

Why do Laravel developers skip writing tests?

It’s not a knowledge problem.

Laravel makes testing approachable. Pest and PHPUnit are well-documented. The tooling is solid.

But the process still feels heavy.

You have to think through scenarios, write setup code, structure assertions, and repeat that for every feature. It’s not difficult work, but it’s time-consuming.

And when deadlines are tight, testing is the first thing that gets cut.

What actually goes into writing proper Laravel tests?

A good test suite is more than just checking if something works.

You need to cover:

expected behavior

edge cases

validation failures

authorization rules

You also need proper setup, factories, and consistent structure.

That means every test file follows a pattern.

And that pattern repeats across your codebase.

Why does writing tests feel slower than writing features?

Because it’s not part of your natural flow.

When you build a feature, you’re solving a problem.

When you write tests, you’re rethinking that same problem from different angles.

You’re duplicating context.

And that’s where friction comes in.

Even experienced developers feel it.

What does the manual testing workflow look like?

You write a controller or service.

Then you switch context.

You create a test file.

Set up data using factories.

Write assertions.

Handle edge cases.

Then repeat for the next feature.

The code quality improves.

But the process slows down.

How can AI help generate Laravel tests?

This is where the shift is happening.

Instead of writing tests from scratch, you generate them based on your existing code.

Your controllers.

Your validation rules.

Your logic.

AI understands the structure and creates test cases around it.

Not just happy paths.

But failure scenarios too.

What changes when tests are generated instead of written manually?

The biggest change is momentum.

You don’t stop to write tests.

You continue building.

And tests are created alongside your code.

That removes the biggest barrier.

Not complexity.

But interruption.

How does this work with Pest and PHPUnit?

The output isn’t abstract.

You still get real Laravel tests.

Pest syntax or PHPUnit structure, depending on your setup.

With:

proper test cases

clear assertions

readable structure

Which means your team doesn’t need to learn anything new.

They just review and refine.

Does AI-generated testing reduce code quality?

That’s the usual concern.

But in practice, it often improves consistency.

Because the structure is standardized.

Assertions follow patterns.

Edge cases are less likely to be missed.

Test coverage becomes more uniform.

You still review.

You still think.

But you don’t start from zero.

Where does LaraCopilot fit into this workflow?

LaraCopilot doesn’t treat testing as a separate step.

It generates tests alongside features.

When you build something, the corresponding tests are created in the same flow.

That means:

no context switching

no “we’ll write tests later”

no missing coverage

Everything stays aligned.

How does this change team behavior?

This is the real impact.

Testing stops being optional.

Because it’s no longer slow.

Teams that used to skip tests start including them by default. Not because they changed their mindset, but because the friction is gone.

And once tests are part of the workflow, quality improves naturally.

What does this look like in a real Laravel project?

You implement a feature.

Instead of opening a new file and starting from scratch, you already have a test suite generated for that feature.

You review it.

Adjust edge cases if needed.

Run it.

And move on.

The process feels continuous.

Not interrupted.

Why is AI-driven testing becoming standard in 2026?

Because expectations have changed.

Teams are expected to move faster.

Ship more frequently.

Maintain quality at scale.

Manual testing doesn’t keep up with that pace.

AI-assisted testing does.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

How to generate Laravel tests with AI

The workflow is straightforward.

You build your feature.

You generate tests based on that code.

You refine and run them.

If you want to see how this fits into a broader system, this guide explains how teams approach AI test generation in 2026.

Should you use Pest or PHPUnit for Laravel testing?

Most Laravel teams end up choosing between Pest and PHPUnit.

Not because one is strictly better.

But because they change how testing feels.

PHPUnit has been around longer.

It’s structured, explicit, and widely used across PHP projects. If you’ve worked in larger teams or enterprise environments, you’ve likely used it already. It gives you full control and follows a more traditional testing approach.

But that structure comes with verbosity.

You write more code.

You define more setup.

And over time, test files can become harder to read.

Pest takes a different approach.

It builds on top of PHPUnit but simplifies how tests are written. The syntax is cleaner, more expressive, and easier to scan. You spend less time writing boilerplate and more time describing behavior.

That’s why many Laravel developers prefer it.

It feels lighter.

In practice, both do the same job.

They run tests.

They validate behavior.

They integrate with Laravel seamlessly.

The difference is not capability.

It’s experience.

Where AI changes the equation

This is where things get interesting.

When tests are generated using AI, the choice between Pest and PHPUnit becomes less about effort and more about preference.

Because the repetitive part is removed.

You’re not writing test structure manually.

You’re reviewing and refining it.

With LaraCopilot, you can generate tests in either format.

Pest if you prefer readability.

PHPUnit if you prefer structure.

The output follows Laravel conventions, so your team can adopt it without friction.

What should you choose?

If your team values readability and faster writing, Pest is usually the better fit.

If you’re working in environments where PHPUnit is already standard, it makes sense to stay consistent.

Either way, the real shift is not the framework.

It’s how the tests are created.

What does a clean Laravel testing architecture look like?

A well-structured test setup in Laravel isn’t just about writing assertions.

It follows a clear flow.

From request to verification, each layer plays a role in ensuring your application behaves correctly.

When a test runs, it doesn’t directly check the database or a single function.

It simulates real behavior.

The flow looks like this

A test starts by preparing data.

Factories or seeders create the required state. This ensures your test environment mirrors real usage.

Then the test triggers an action.

It might hit an API endpoint, call a controller, or execute a service method.

From there, your application processes the request just like it would in production.

Validation runs.

Business logic executes.

Data is stored or retrieved.

Finally, the test makes assertions.

It verifies:

the response

the database state

the expected side effects

Where different types of tests fit

Feature tests operate at a higher level.

They simulate full application flows. Requests, responses, and database interactions all work together. These tests give you confidence that your system behaves correctly end-to-end.

Unit tests focus on smaller pieces.

They isolate logic. A service method, a helper function, or a specific calculation. They run faster and help you validate core logic independently.

Both are important.

They solve different problems.

Why structure matters in testing

Without a clear structure, test suites become fragile.

Tests depend on each other.

Data setup becomes inconsistent.

Failures become harder to debug.

Over time, teams start ignoring tests instead of trusting them.

A well-structured architecture avoids that.

It keeps tests predictable, isolated, and reliable.

Where AI-generated tests fit into this

When tests are generated instead of written manually, this structure is created by default.

Factories are included.

Assertions follow consistent patterns.

Feature and unit tests are separated properly.

You’re not just saving time.

You’re starting with a better testing foundation.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

Closing!

Testing isn’t the problem.

The friction around testing is.

Remove that friction, and teams don’t skip tests.

They rely on them.

Generate Tests with AI →

If you want to write tests without slowing down development:

Generate Laravel tests with LaraCopilot.

Laravel API Generator: From Database Schema to REST

Posted on April 18, 2026 by Sahil Darji

You start with a database schema.

A few tables.

Some relationships.

Clear business logic.

And then comes the repetitive part.

Controllers.

Form requests.

Validation.

Resources.

Pagination.

Error handling.

Every time.

It’s not hard work.

But it’s the same work.

And it adds up.

Why does building Laravel REST APIs feel repetitive?

Because most of the work isn’t unique.

You’re not solving new problems.

You’re reimplementing patterns you’ve already written dozens of times.

Every model needs:

a controller

validation rules

API responses

basic CRUD logic

And even though Laravel makes it clean, it doesn’t make it faster.

You still write everything manually.

What actually goes into building a proper Laravel API?

It’s more than just a controller.

A production-ready API includes:

validation through form requests

structured responses using resources

consistent error handling

pagination for lists

authorization where needed

And ideally, tests to ensure everything works.

None of this is optional.

But all of it is repetitive.

Why does this slow down even experienced Laravel developers?

Because repetition consumes focus.

You don’t notice it on the first endpoint.

But when you’re building multiple models, it compounds.

You spend hours writing code that follows the same structure.

Not because it’s complex.

But because it’s required.

And over time, that becomes the bottleneck.

What does the manual approach actually look like?

You start by creating a model.

Then you generate a controller.

Then a form request.

Then an API resource.

Then you define routes.

Then you write validation rules.

Then you handle responses.

And then you repeat it for the next model.

Everything works.

But it takes time.

And the more models you have, the more time it consumes.

How can you generate Laravel APIs instead of writing them manually?

This is where the shift is happening.

Instead of building each layer manually, you define what you need.

Your models.

Your relationships.

Your expected behavior.

And generate the API structure around it.

Controllers, validation, resources, and responses are created together.

Not one by one.

What changes when you generate APIs from a schema?

The starting point changes.

You don’t begin with empty files.

You begin with a working API.

That includes:

consistent structure

clean validation

standardized responses

From there, you refine.

Instead of building.

How does this affect development speed?

It removes the slowest part.

The repetition.

Instead of spending hours setting up each endpoint, you move directly to refining business logic.

Which means:

you ship faster

you iterate faster

you spend more time on what matters

Not on scaffolding.

How does LaraCopilot generate complete Laravel APIs?

Instead of treating API development as separate steps, LaraCopilot treats it as a single flow.

You describe your schema and intent.

It generates:

controllers with proper methods

form requests with validation

API resources for structured responses

pagination-ready endpoints

basic error handling

Everything aligned with Laravel standards.

What does a generated API include by default?

You don’t just get endpoints.

You get structure.

Validation is already defined.

Responses are consistent.

Pagination is handled.

Errors follow a standard format.

Which means your API is usable immediately.

Not just technically complete.

What about customization and control?

This is where most developers hesitate.

Generated code sounds limiting.

But in practice, it’s just a starting point.

You can modify anything.

Refactor logic.

Add custom behavior.

Change validation rules.

The difference is:

you start ahead.

How does this compare to traditional scaffolding?

Traditional scaffolding tools generate files.

But they don’t connect everything.

You still need to:

write validation

structure responses

handle edge cases

With AI-generated APIs, the pieces are already connected.

That’s what makes the difference.

When should you still build APIs manually?

Not everything needs automation.

If you’re building something highly custom or experimental, manual control can still be useful.

But for standard CRUD-based APIs, manual work adds little value.

It just slows you down.

What does a modern Laravel API architecture look like?

At a high level, every well-structured Laravel API follows a clear flow.

From request to response, each layer has a specific responsibility.

When a request hits your API, it doesn’t go directly to the database.

It flows through layers.

The request is first validated. Then it’s handled by a controller. From there, business logic is executed, data is fetched or stored, and finally, a structured response is returned.

The flow looks like this

A client sends a request to your API.

That request passes through a Form Request, where validation rules are applied. If the data is invalid, the request stops there.

If it passes validation, it reaches the Controller, which acts as the entry point. The controller doesn’t contain heavy logic. It delegates work.

From there, the request moves into the Service layer (or directly into models for simpler apps), where business logic is executed.

The Model interacts with the database, retrieving or storing data.

Finally, the result is passed through an API Resource, which transforms the data into a consistent response format before sending it back to the client.

Why this structure matters

Without this separation, APIs quickly become messy.

Controllers grow too large.

Validation becomes inconsistent.

Responses vary across endpoints.

Over time, that leads to bugs, confusion, and slower development.

With a clean structure:

You know where logic belongs.

You can scale features without breaking things.

And your API remains predictable for both developers and consumers.

Where API generators fit into this

When you generate APIs instead of writing everything manually, this structure is created for you.

Validation is already separated.

Controllers stay clean.

Responses are consistent.

You’re not just saving time.

You’re starting with a better architecture by default.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

What’s the difference between manual and AI-generated API architecture?

At a glance, both approaches produce a working API.

But how you get there and what you end up maintaining is very different.

When you build APIs manually, you move step by step.

You create a controller. Then a form request. Then a resource. Then you connect everything. Each piece is written separately, often at different times, sometimes by different developers.

It works.

But consistency depends on discipline.

If one endpoint skips proper validation, or another returns a slightly different response format, those small inconsistencies start adding up. Over time, the codebase becomes harder to maintain.

With AI-generated APIs, the approach is different.

You don’t build layer by layer.

You define the outcome.

From there, the system generates a connected structure where validation, controllers, resources, and responses are aligned from the start.

That doesn’t mean the code is “locked.”

It just means you begin with a complete, consistent foundation.

Practical difference shows up over time

In a manual setup, the first few endpoints feel fine.

But as the number grows, so does variation.

Different developers structure things differently.

Validation rules drift.

Response formats change slightly across endpoints.

None of these are big problems individually.

But together, they slow everything down.

In an AI-generated setup, that variation is reduced.

Every endpoint starts with the same structure.

Validation is consistent.

Responses follow the same pattern.

Controllers stay focused.

You still customize where needed.

But you’re not fixing structure every time.

This is the real shift

It’s not about replacing manual work entirely.

It’s about removing the repetitive parts that don’t add value.

So instead of spending time writing the same patterns, you spend time refining logic and building features that actually matter.

What does this look like in a real project?

You define your database.

You describe your API requirements.

And within minutes, you have working endpoints.

From there, your focus shifts.

You’re no longer building infrastructure.

You’re building product behavior.

Why is this becoming the default approach in 2026?

Because expectations have changed.

Speed matters more.

Iteration matters more.

And developers don’t want to spend time on solved problems.

They want to focus on logic.

On architecture.

On outcomes.

How to generate a Laravel API in minutes

If you want to move faster without sacrificing structure, the approach is simple.

Start from your schema.

Define what your API should do.

And generate the base.

If you want to see how this fits into a full workflow, this guide shows how teams generate Laravel full stack apps with AI.

Why is LaraCopilot right fit for Laravel API generation?

At this point, the pattern is clear.

Building APIs manually works.

But it slows you down as your project grows.

Using generators helps.

But most tools still give you fragments, not a complete system.

That’s where LaraCopilot fits differently.

Instead of generating individual pieces, LaraCopilot generates the full API structure in one flow.

You don’t create controllers first and then figure out validation later.

You describe your data and intent.

And you get a working API that already includes:

consistent validation

clean controllers

structured API responses

pagination-ready endpoints

All aligned with how Laravel applications are actually built in production.

The difference shows up immediately.

You’re not stitching files together.

You’re starting with something that already works.

How does LaraCopilot actually help in real projects?

The biggest benefit is not just speed.

It’s consistency.

When your API structure is generated as a system, everything follows the same pattern. Validation doesn’t drift. Response formats stay predictable. Controllers don’t become overloaded.

That reduces the kind of problems that usually appear later.

It also changes how your team spends time.

Instead of writing repetitive scaffolding, you focus on:

business logic

edge cases

real product behavior

The parts that actually matter.

And because the output follows Laravel standards, you’re not locked into anything.

You can modify, extend, or refactor as needed.

You’re still in control.

You’re just starting ahead.

What does this mean for your workflow?

Instead of spending the first few days building API structure, you move directly into building features.

Your feedback loop becomes shorter.

Your delivery becomes faster.

And your API remains clean as it grows.

That’s the real value.

Not just generating code.

But removing the friction that slows down development.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

Wrap-up!

Building APIs is necessary.

But writing the same patterns again and again isn’t.

The shift is not about avoiding code.

It’s about avoiding repetition.

And focusing on what actually moves your product forward.

Generate API in Minutes →

If you want to skip repetitive setup and start with a working API:

Generate your Laravel API with LaraCopilot.

Laravel 13 AI SDK: Complete Getting Started Guide

Posted on April 1, 2026 by Avinash Vagh

The release of Laravel 13 in March 2026 brought one of the most highly anticipated additions to the ecosystem: the first-party Laravel AI SDK (laravel/ai). If you are a senior developer who has spent the last few years spinning up disjointed Python microservices or wrestling with unmaintained third-party wrappers to handle LLM interactions, this update changes everything.

While the official documentation is still catching up to the sheer scope of this release, this complete laravel ai sdk tutorial will bridge the gap. We will dive deep into the architecture, practical implementation, and advanced features of the SDK so you can start building AI-native applications directly within your Laravel monolith.

Why the Laravel AI SDK Changes the Game

Before we look at the code, it is crucial to understand the philosophy behind this laravel ai package. Taylor Otwell and the team designed the SDK around strict provider agnosticism.

You no longer need to write provider-specific API calls. The SDK offers a unified interface for OpenAI, Anthropic, Gemini, DeepSeek, Ollama, and more. Switching from GPT-4o to Claude 3.5 Sonnet is now as simple as changing an environment variable. Furthermore, it natively handles text, agents, vector searches, and multimodal generation (images, audio) using the expressive Laravel syntax you already know.

Among all the laravel 13 features 2026 introduced, this is the one that will most significantly impact day-to-day enterprise development.

Installation and Configuration

To get started with the laravel 13 AI SDK, install the package via Composer:

composer require laravel/ai

Next, publish the configuration file and database migrations (for conversational memory and vector storage):

php artisan ai:install
php artisan migrate

Open config/ai.php. Here, you can define your default providers, configure custom base URLs (essential if you are routing through enterprise gateways like Azure or LiteLLM), and set up automatic failover mechanisms.

// config/ai.php
'default' => env('AI_PROVIDER', 'openai'),

'providers' => [
    'openai' => [
        'driver' => 'openai',
        'key' => env('OPENAI_API_KEY'),
        'fallback' => 'anthropic', // Automatic failover if OpenAI is down
    ],
    'anthropic' => [
        'driver' => 'anthropic',
        'key' => env('ANTHROPIC_API_KEY'),
    ],
],

Core Concept 1: The Agent Architecture

In Laravel 13, AI interactions are encapsulated within “Agents.” Think of an Agent as a controller for your LLM logic. It holds the system prompts, memory configurations, available tools, and expected output schemas.

You can generate a new agent using Artisan:

php artisan make:agent SupportAssistant

This generates a dedicated PHP class in the app/Ai/Agents directory. Let’s build a practical example: a support agent that analyzes customer transcripts.

namespace App\\Ai\\Agents;

use Laravel\\Ai\\Agent;
use Laravel\\Ai\\Contracts\\Promptable;

class SupportAssistant extends Agent implements Promptable
{
    /**
     * Define the system instructions for this agent.
     */
    public function instructions(): string
    {
        return 'You are an expert customer support analyst. Analyze the provided text and extract key frustrations.';
    }
}

Calling this agent in your application is fluent and straightforward:

use App\\Ai\\Agents\\SupportAssistant;

$transcript = "I've been trying to reset my password for three days and the email never arrives!";

$response = SupportAssistant::make()->prompt($transcript);

echo $response->text();

Implementing Conversational Memory

LLMs are inherently stateless. To build a functional chatbot, you must manage chat history. The Laravel 13 AI SDK automates this entirely via the RemembersConversations trait.

use Laravel\\Ai\\Traits\\RemembersConversations;

class SupportAssistant extends Agent implements Promptable
{
    use RemembersConversations;

    protected int $memoryLimit = 10; // Retain the last 10 messages
}

When you use this trait, Laravel automatically persists the conversation to your database (using the published ai_messages table) and seamlessly injects the context window into the payload before making the API request.

Core Concept 2: Tools and Structured Output

Enterprise applications rarely rely on raw text generation alone. You need the AI to interact with your system and return predictable data structures.

Function Calling (Tools)

You can bind custom PHP classes as tools that the LLM can execute mid-thought.

namespace App\\Ai\\Tools;

class CheckOrderSetup
{
    public string $description = 'Check the shipping status of an order ID.';

    public function handle(string $orderId): string
    {
        $status = \\App\\Models\\Order::find($orderId)->status;
        return "The status for order {$orderId} is {$status}.";
    }
}

Attach it to your agent:

class SupportAssistant extends Agent implements HasTools
{
    public function tools(): array
    {
        return [
            new CheckOrderSetup(),
        ];
    }
}

The SDK handles the complex handshake: the LLM requests the tool, Laravel executes the PHP method, and Laravel feeds the result back to the LLM automatically.

Structured Output

Stop parsing markdown blocks to find JSON. Use the HasStructuredOutput interface to enforce strict schema adherence.

use Laravel\\Ai\\Contracts\\HasStructuredOutput;

class SentimentAnalyzer extends Agent implements HasStructuredOutput
{
    public function schema(): array
    {
        return [
            'sentiment' => 'string (positive, negative, neutral)',
            'confidence_score' => 'float',
            'requires_human' => 'boolean',
        ];
    }
}

When you call $response->json(), you are guaranteed an associative array matching your exact schema.

Core Concept 3: Native Vector & Semantic Search

Building Retrieval-Augmented Generation (RAG) pipelines previously meant managing Pinecone, Qdrant, or Weaviate. Laravel 13 integrates vector math directly into the framework, heavily leveraging PostgreSQL’s pgvector.

Generating Embeddings

Convert strings into vector embeddings using Laravel’s fluent string helpers:

$text = 'The Laravel 13 AI SDK natively supports embeddings.';
$embeddings = Str::of($text)->toEmbeddings();

Semantic Query Builder

You can now perform semantic similarity searches directly alongside your traditional Eloquent queries.

use Illuminate\\Support\\Facades\\DB;

$relevantDocs = DB::table('knowledge_base')
    ->whereVectorSimilarTo('embedding_column', 'How do I reset my password?')
    ->limit(5)
    ->get();

Hybrid Reranking

For optimal search results, the SDK allows you to combine traditional full-text search with AI-powered reranking models (like Cohere). Fetch a broad set of results via full-text, then let the AI rank the top 10 based on deep semantic meaning:

$articles = Article::query()
    ->whereFullText('content', request('query'))
    ->limit(50)
    ->get()
    ->rerank('content', request('query'), limit: 10);

Core Concept 4: Multimodal Capabilities

The laravel 13 AI SDK extends far beyond text. It provides a beautiful API for interacting with image and audio models, seamlessly integrated with Laravel’s Storage subsystem.

Image Generation

Generate images using DALL-E 3 or Gemini Pro Vision and store them instantly:

use Laravel\\Ai\\Facades\\Image;

$image = Image::of('A minimalist workspace with a laptop displaying Laravel code.')
    ->model('dall-e-3')
    ->generate();

// Save directly to your S3 bucket or local disk
Storage::disk('s3')->put('workspaces/img-1.png', $image->stream());

Audio Transcription (Speech-to-Text)

Process uploaded audio files to extract text, perfect for accessibility features or meeting summaries:

use Laravel\\Ai\\Facades\\Audio;

$transcript = Audio::transcribe(
    request()->file('meeting_recording')->path()
);

echo $transcript->text();

Core Concept 5: Multi-Agent Workflows & Streaming

Advanced AI applications often require multiple specialized models working in tandem. Laravel 13 natively supports standard multi-agent patterns out of the box.

Parallel Execution

Need to run sentiment analysis, summarization, and entity extraction simultaneously? Use Laravel’s Concurrency facade with the AI SDK:

use Illuminate\\Support\\Facades\\Concurrency;

[$sentiment, $summary, $entities] = Concurrency::run([
    fn () => SentimentAgent::make()->prompt($text),
    fn () => SummaryAgent::make()->prompt($text),
    fn () => EntityAgent::make()->prompt($text),
]);

Streaming Responses

To prevent users from staring at a loading spinner during long inference times, you can stream responses directly to your frontend:

return SupportAssistant::make()->stream('Analyze this report...')
    ->then(function (StreamedAgentResponse $response) {
        // This closure fires when the stream completes
        // Ideal for logging total token usage to the database
        Log::info('Tokens used: ' . $response->tokenUsage()->total());
    });

Core Concept 6: Testing with FakeAi

Historically, testing AI integrations was a nightmare involving mocked HTTP clients, unpredictable assertions, and expensive API bills. Laravel 13 solves this gracefully with the FakeAi facade.

You can completely isolate your test suite from external AI providers while verifying that your application’s logic is sound.

public function test_support_agent_is_called_with_correct_data()
{
    FakeAi::shouldFake();

    // Trigger the job or controller that runs the AI logic
    $this->post('/api/analyze-ticket', [
        'transcript' => 'My server is down.'
    ]);

    // Assert the agent was utilized
    FakeAi::assertAgentPrompted(SupportAssistant::class);
    
    // You can also assert specific tools were called
    FakeAi::assertToolCalled(CheckOrderSetup::class);
}

Conclusion: Future is AI-Native

The laravel 13 AI SDK is a massive leap forward. By standardizing interactions, abstracting vector math into Eloquent, and providing first-class testing tools, Laravel has transformed from a traditional web framework into a robust, AI-native ecosystem.

You no longer need to maintain disparate technology stacks to build highly intelligent applications. Everything you need to orchestrate complex RAG pipelines and multi-agent systems is now available right at your fingertips in PHP.

To learn more about optimizing your entire workflow with these new features, check out our broader analysis of Laravel 13 updates.

Ready to Code Smarter with Laravel?

Meet LaraCopilot — your AI full-stack assistant built for Laravel developers.
Skip the boilerplate, build faster, and focus on what matters: problem solving.

Try LaraCopilot Now

Ready to accelerate your Laravel AI development?

Stop wrestling with boilerplate and start shipping intelligent features faster. Try LaraCopilot Free today and seamlessly integrate advanced AI coding assistance tailored specifically for the Laravel ecosystem.

Laravel 13: What’s New, Breaking Changes & Upgrade

Posted on March 19, 2026June 1, 2026 by Vishal Rajpurohit

Laravel 13 dropped yesterday, and we didn’t wait. 🚀

LaraCopilot now generates new projects with Laravel 13 out of the box — starting today. No upgrades. No migration hassle. No waiting for your tools to catch up. Just start building on the latest version of Laravel, instantly.

Laravel 13 dropped yesterday…

and we didn’t wait. 🚀@laracopilot now generates projects with Laravel 13 — starting today.

No upgrades.
No migration hassle.
Just start building on the latest version instantly.

This is what we’re aiming for:
zero lag between Laravel releases…
— Vishal Rajpurohit (@vishal_viitor) March 18, 2026

This is what we’ve always aimed for at LaraCopilot: zero lag between Laravel releases and real development.

But before we show you how LaraCopilot supercharges Laravel 13 development, let’s break down everything that’s new and why this release matters for your next project.

What is Laravel 13?

Laravel 13 is the latest stable release of the most popular PHP framework in the world. According to the official Laravel 13 release notes, this is a stability-first release — minimal breaking changes, a clean upgrade path, and a strong focus on AI-native tooling and developer experience improvements.

Laravel 13 is here. This update focuses on AI-native workflows, stronger defaults, and more expressive developer APIs.

If you're running Laravel 12 or higher you can run /upgrade in Laravel Boost and have your agent upgrade your app for you.
— Laravel (@laravelphp) March 17, 2026

If you’ve been following the Laravel ecosystem, this release sends a clear signal: Laravel is becoming AI-native by design. From a first-party AI SDK to semantic/vector search built into the query builder, the framework is being purpose-built for the kind of intelligent, agent-driven applications that define modern SaaS products.

As Laravel News put it: “Laravel 13 is now released. This release will require PHP 8.3 as the minimum version and will follow Laravel’s standard support cycle.”

What’s New in Laravel 13

1. PHP 8.3 is Now Required

Laravel 13 drops support for PHP 8.2 and sets PHP 8.3 as the minimum version, with support extending through PHP 8.5. This means every new Laravel 13 project is automatically on a modern, performant, and long-term-supported PHP version.

For developers starting fresh projects today, this is a non-issue. For teams upgrading existing apps, the Laravel 13 upgrade guide walks you through every breaking change and the good news is that the list is intentionally short.

2. First-Class PHP Attributes

One of the most developer-friendly additions in Laravel 13 is native PHP attribute support across the entire framework. Attributes are now available for models, jobs, controllers, notifications, queue configuration, and authorization — making your code more declarative and colocated.

Here’s what this looks like in practice:

Model attributes:

#[Table('users')]
#[Fillable('name', 'email')]
#[Hidden('password', 'remember_token')]
class User extends Model {}

Job attributes:

#[Tries(3)]
#[Backoff(60)]
#[Timeout(120)]
class ProcessOrderJob implements ShouldQueue {}

Controller attributes:

#[Middleware('auth')]
#[Authorize('view', Post::class)]
class PostController extends Controller {}

The key benefit: your existing property-based configuration still works unchanged. Attributes are fully optional — you adopt them at your own pace, or not at all. This is the kind of progressive upgrade that keeps Laravel accessible for everyone, from beginners to senior architects.

3. Laravel AI SDK is Now Stable

This is the headline feature for anyone building modern SaaS products. Laravel 13 ships the Laravel AI SDK as a first-party, stable package — giving you a unified, provider-agnostic API for:

Text generation — chat completions, summarization, classification
Tool-calling agents — AI agents that call your Laravel code as tools
Embeddings — convert text to vectors with Str::toEmbeddings()
Image generation — Image::of()->generate()
Audio synthesis — Audio::of()->generate()

The AI SDK works across providers. You write your code once and swap between OpenAI, Anthropic, or others via a single config change, no refactoring required.

This matters for how you think about product architecture: Laravel 13 gives you the runtime AI primitives. LaraCopilot gives you the AI-assisted scaffolding and code generation on top. Together, they close the loop from idea to working, AI-powered application.

4. JSON:API Resources (Built In)

Laravel 13 introduces native JSON:API resource support, giving you properly spec-compliant API responses out of the box. This means:

Resource objects with typed id and type
Relationship definitions (hasOne, hasMany)
Sparse fieldsets (?fields[post]=title,body)
Standardized links and meta blocks
Proper HTTP headers for content negotiation

For API-first teams and SaaS builders, this removes the need for third-party packages like laravel-json-api or fractal. Your generated APIs speak a standard language that every frontend framework, mobile client, and third-party integration already understands.

5. Queue Routing with `Queue::route()`

Laravel 13 adds centralized queue routing via Queue::route(), letting you define default connection and queue targets for specific job classes in a single place instead of scattering ->onQueue() and ->onConnection() calls across your codebase.

Queue::route([
    ProcessOrderJob::class => 'redis:orders',
    SendEmailJob::class => 'ses:notifications',
]);

This is especially powerful when generating queue-heavy modules with a code generation tool, because your scaffolded jobs respect a single routing map rather than hardcoded queue names embedded everywhere.

6. Semantic Search and Vector Queries

Laravel 13 adds native vector/semantic search directly into the query builder, powered by PostgreSQL + pgvector:

Post::query()
    ->whereVectorSimilarTo('embedding', $queryEmbedding)
    ->limit(10)
    ->get();

Combined with the AI SDK’s Str::toEmbeddings(), you now have a complete first-party stack for RAG (Retrieval-Augmented Generation) features — no external dependencies, no custom query hacks. This is the foundation for building semantic search, AI-powered recommendations, and knowledge-base chatbots entirely within the Laravel ecosystem.

7. `Cache::touch()`

A small but meaningful quality-of-life addition: Cache::touch() extends a cache item’s TTL without fetching or rewriting its value. Under the hood, it maps to the most efficient operation per driver — a single EXPIRE command in Redis, for example.

Cache::touch('user:session:42', now()->addHours(2));

Better performance patterns, baked in, without changing your existing cache logic.

Laravel 13 Support Timeline

Understanding the support window helps you make confident architectural decisions:

Version	Bug Fixes Until	Security Fixes Until
Laravel 13	Q3 2027	Q1 2028
Laravel 12	August 13, 2026	February 24, 2027

If you’re starting a new project today, Laravel 13 gives you nearly two years of active support and over two years of security coverage. There’s no reason to start on 12.

Upgrading from Laravel 12?

The upgrade from 12 to 13 is one of the smoothest in the framework’s history. The core team deliberately kept breaking changes minimal, and tools like Laravel Boost (updated to run post-npm install so the AI agent can see your frontend packages) and Laravel Shift (the deep, PR-based automated upgrade path) make the transition mechanical rather than painful.

The official upgrade guide covers every breaking change in detail and you’ll find the list shorter than you expect.

Build a Laravel 13 App with LaraCopilot — Start to Preview

LaraCopilot’s entire premise is one sentence: describe the product you want to build, and get a working Laravel application back. No CLI. No config files. No boilerplate sprint before you touch real product logic.

Here’s what actually happens when you use it today — on Laravel 13.

Step 1 — Write One Prompt

You open LaraCopilot and describe your product in plain English. No templates to fill. No dropdowns to configure. Just intent.

"Build a SaaS app where companies can post jobs, 
candidates can apply, and hiring managers get 
an AI-ranked shortlist based on resume match score."

That’s the entire input. LaraCopilot takes it from here.

Step 2 — LaraCopilot Generates the Full Project

Within seconds, LaraCopilot produces a complete, structured Laravel 13 application — not code snippets, not a starter kit, but a working project architecture with:

Laravel 13 as the base — PHP 8.3+, fresh defaults, latest framework conventions applied automatically
Full backend — models, migrations, relationships, controllers, form requests, policies, and service classes generated around your domain (Job, Candidate, Application, ShortlistScore)
Frontend interface — views or API layer scaffolded alongside the backend, not as an afterthought
Authentication & authorization — roles, gates, and middleware wired for your actual user types (Company, Candidate, Hiring Manager) — not generic auth stubs
Boilerplate configuration — environments, service providers, queue setup, and route structure ready for production patterns

This is the part that separates LaraCopilot from other tools: others stop at the frontend. LaraCopilot builds the whole app.

Step 3 — See It Running Immediately

You don’t get a zip file to unpack locally. LaraCopilot serves a live preview of the generated application so you can interact with it the moment generation is complete.

Browse the UI. Click through flows. See your job board, candidate profiles, and application pipeline working — before you’ve written a single line of code yourself.

This is where the time math changes completely. The gap between idea and working demo collapses from days to minutes.

Step 4 — Refine With Follow-Up Prompts

LaraCopilot isn’t a one-shot generator — it’s an AI agent you keep talking to. After the initial generation, you can iterate:

`"Add an AI-powered resume scoring feature 
using the Laravel AI SDK's embedding pipeline."`

`"Switch the shortlist ranking to use 
vector similarity search on candidate profiles."`

LaraCopilot updates the project — wiring the Laravel 13 AI SDK, adding the whereVectorSimilarTo() query, scaffolding the embedding job without you touching the underlying framework plumbing. You’re steering product decisions, not configuring infrastructure.

Step 5 — Download and Own Your Code

When you’re happy with the generated foundation, you download the full project. Clean Laravel 13 code. Yours completely. No vendor lock-in, no proprietary runtime, no dependency on LaraCopilot to keep your app running.

From here you take it into your own editor, your own repo, your own deployment pipeline. LaraCopilot got you past the 0-to-foundation problem — everything after is standard Laravel development on the latest version of the framework.

Why Laravel 13 + Today Matters

Laravel 13 went live yesterday. LaraCopilot generates on Laravel 13 today. Most tools, teams, and agencies will spend the next few weeks reading the release notes, checking package compatibility, and cautiously upgrading their templates.

You’re already shipping on it.

That’s the zero-lag promise and it’s not a tagline. It’s the product decision we made the moment Laravel 13 landed.

Why This Release is a Big Deal for AI-Powered SaaS

The through-line in Laravel 13 isn’t any single feature, it’s a philosophy shift. As highlighted in the Laravel News release breakdown, this release treats AI as a first-class citizen of the framework, not a plugin bolted on from the outside.

The Laravel AI SDK handles LLM integration. Vector search handles semantic retrieval. JSON:API resources handle standardized data transport. PHP attributes handle clean, declarative configuration. These aren’t separate concerns anymore — they’re one cohesive stack.

For founders and developers using LaraCopilot to generate Laravel MVPs, this means every project you scaffold today is built on a foundation that speaks the language of 2026’s application requirements: AI-native, agent-friendly, and production-ready from day one.

Get Started

Planning an upgrade? Start with the Laravel 13 Upgrade Guide

Ready to build? Open LaraCopilot and generate your first Laravel 13 project today.