Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Spy
Assessments

Laravel Spy Laravel Package

farayaz/laravel-spy

Lightweight Laravel package that automatically logs all outgoing HTTP client requests. Capture URL, method, headers, payload, response headers/body, status code, and duration, with configurable logging and options to obfuscate sensitive data for debugging and auditing.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

  • Laravel-native alignment: The package leverages Laravel’s HTTP client (Guzzle under the hood) and integrates seamlessly with its service container, middleware, and event systems. This ensures minimal disruption to existing Laravel applications, particularly those already using Laravel’s Http facade or client.
  • Observability gap filler: Addresses a critical need for structured logging of outgoing HTTP requests, including payloads, headers, and timing metrics. This is invaluable for debugging integrations, auditing compliance, and monitoring third-party API performance.
  • Environment-driven control: Uses Laravel’s .env conventions for toggling features (SPY_ENABLED), obfuscating sensitive data (SPY_OBFUSCATES), and excluding URLs (SPY_EXCLUDE_URLS). This aligns with Laravel’s philosophy of configuration over convention and enables zero-code deployment for observability.
  • Database-backed persistence: Stores logs in a dedicated http_logs table, providing queryable, long-term storage for auditing and forensics. However, this introduces synchronous write overhead, which could impact performance in high-throughput environments.
  • Middleware-based interception: Operates within Laravel’s middleware pipeline, allowing for pre- and post-processing of HTTP requests/responses. This design enables customization (e.g., filtering, masking) but is constrained by the package’s closed-source core logic.
  • Dashboard limitations: The built-in /spy endpoint is basic and read-only, lacking advanced features like real-time monitoring, filtering, or aggregation. Middleware dependencies (e.g., auth) may require additional configuration to avoid conflicts with existing route protections.

Technical Risk

  • Performance overhead: Synchronous database writes for every HTTP request could introduce latency, especially in high-traffic applications (>100 RPS). This risk is mitigated by configurable field lengths and retention policies but remains a concern for production-critical paths.
  • Storage costs: Unbounded log retention could lead to database bloat if not properly managed. The SPY_CLEAN_DAYS and SPY_FIELD_MAX_ROWS configurations help, but monitoring and tuning may be required for long-term use.
  • Dependency on Laravel’s HTTP client: The package does not intercept raw Guzzle instances or other HTTP clients (e.g., cURL). Applications using these directly will miss logging coverage, requiring refactoring to Laravel’s Http facade.
  • Future-dated release (2026): The last release date raises concerns about maintenance and long-term support. The package’s GitHub activity and contributor base should be evaluated to assess its viability for production use.
  • Limited customization: While configurable via environment variables, the package’s core logic is closed-source, limiting deep customization for edge cases (e.g., async logging, alternative storage backends).
  • Binary data handling: Excluding binary payloads (e.g., images, PDFs) requires explicit configuration (SPY_REQUEST_BODY_EXCLUDE_CONTENT_TYPES). Misconfiguration could lead to unnecessary storage of large, non-textual data.

Key Questions

  1. Performance Impact: How will synchronous database writes affect latency in high-traffic scenarios? Are there plans to support async logging (e.g., via Laravel queues)?
  2. Storage Management: What strategies are in place to monitor and cap log storage growth? Are there plans for alternative storage backends (e.g., Redis, Elasticsearch)?
  3. Raw Guzzle Support: Is there a roadmap to extend logging to raw Guzzle instances or other HTTP clients?
  4. Maintenance and Support: Given the future-dated release, what is the package’s long-term maintenance plan? Are there active contributors or a governance model?
  5. Dashboard Enhancements: Are there plans to improve the built-in dashboard with features like real-time monitoring, advanced filtering, or integration with third-party tools?
  6. Compliance and Security: How does the package handle sensitive data in headers (e.g., authorization tokens)? Are there plans to extend obfuscation to headers or cookies?
  7. Testing and Validation: How can the package’s logging accuracy be validated in CI/CD pipelines or staging environments? Are there tools or assertions to verify log completeness?
  8. Migration Path: What steps are required to migrate from the package to a more scalable solution (e.g., async logging) if needed in the future?

Integration Approach

Stack Fit

  • Laravel 10–12 + PHP 8.1+: The package is optimized for modern Laravel, leveraging its service container, facades, and middleware systems. No additional dependencies are required beyond Laravel’s core.
  • Database compatibility: Works with any Laravel-supported database (MySQL, PostgreSQL, SQLite, etc.), as it relies on Laravel’s migration system and Eloquent models.
  • HTTP client compatibility: Fully compatible with Laravel’s Http facade and client. Existing Http:: calls (e.g., Http::get(), Http::post()) will be automatically logged without code changes.
  • Middleware integration: Can be stacked with other middleware (e.g., for authentication, rate limiting) but may require ordering adjustments to avoid conflicts.
  • Queue system compatibility: While the package does not natively support async logging, it could be extended with Laravel queues for high-throughput scenarios (see "Migration Path" below).

Migration Path

  1. Initial Setup (Zero-Config):

    • Install via Composer: composer require farayaz/laravel-spy.
    • Publish the config: php artisan vendor:publish --provider="Farayaz\LaravelSpy\LaravelSpyServiceProvider".
    • Run migrations: php artisan migrate.
    • Configure environment variables (e.g., SPY_ENABLED=true, SPY_OBFUSCATES=password,token).
    • No code changes required for basic usage.

  2. Customization Phase:

    • Tune exclusions (SPY_EXCLUDE_URLS), obfuscation (SPY_OBFUSCATES), and retention (SPY_CLEAN_DAYS) via .env.
    • Extend the http_logs table schema if additional fields are needed (e.g., custom metadata).
    • Implement middleware to pre-process logs (e.g., add user context, filter sensitive data).

  3. Advanced Scaling (If Needed):

    • Async Logging: Modify the package or create a custom middleware to defer log writes to a queue (e.g., spy:log job). This requires:
      • Publishing and extending the package’s service provider.
      • Creating a job to handle async writes to the database.
      • Updating the config to toggle async mode.
    • Alternative Storage: Replace the Eloquent model with a queue-backed or Redis-based logger for high-throughput scenarios.
    • Dashboard Integration: Extend the /spy endpoint or build a custom admin panel using Laravel’s resources or a frontend framework (e.g., Livewire, Inertia).

  4. Rollback Plan:

    • Disable logging via SPY_ENABLED=false.
    • Remove the http_logs table or archive its data.
    • Uninstall the package: composer remove farayaz/laravel-spy.

Compatibility

  • Laravel Versions: Tested with Laravel 10–12. Not compatible with older versions (e.g., Laravel 9 or below).
  • PHP Versions: Requires PHP 8.1+. Not compatible with PHP 7.x or 8.0.
  • Database Systems: Works with any Laravel-supported database, but performance may vary (e.g., SQLite may struggle with high write volumes).
  • HTTP Clients: Only logs requests made via Laravel’s Http facade/client. Raw Guzzle instances or other HTTP libraries (e.g., cURL) are not intercepted.
  • Middleware Conflicts: May conflict with other middleware that modifies HTTP requests/responses (e.g., encryption, compression). Ordering in app/Http/Kernel.php may need adjustment.

Sequencing

  1. Pre-Installation:

    • Assess performance requirements (e.g., expected request volume).
    • Identify sensitive data to obfuscate and URLs to exclude.
    • Plan for log retention (e.g., SPY_CLEAN_DAYS) and storage capacity.

  2. Installation:

    • Install the package and publish the config.
    • Run migrations and configure .env.
    • Test in a staging environment with realistic traffic.

  3. Customization:

    • Fine-tune exclusions, obfuscation, and retention.
    • Implement middleware extensions if needed (e.g., adding user context).
    • Set up scheduled cleanup (php artisan spy:clean) via Laravel’s scheduler.

  4. Monitoring:

    • Monitor database write performance and adjust field lengths/retention as needed.
    • Validate log completeness by comparing a sample of requests with and without the package.
    • Set up alerts for log table growth or write failures.

  5. Production Rollout:

    • Enable logging in staging first, then promote to production.
    • Use SPY_ENABLED to toggle logging dynamically (e.g., disable in production for non-critical paths).
    • Document
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport
twbs/bootstrap4