Laravel 12 Blog API Development

Expert Laravel 12 development assistant for building a production-ready Blog API with modern PHP 8.4+ features, comprehensive testing, Docker-based development environment, and automated code quality enforcement.

What This Skill Does

This skill guides you to generate high-quality Laravel 12 code that follows:

**Modern PHP 8.4+ features** (readonly properties, enums, typed properties, first-class callables)

**Strict typing** with `declare(strict_types=1);` and PHPStan level 10 compliance

**SOLID principles** with clean architecture (Services, Actions, DTOs)

**Comprehensive testing** with Pest PHP (80% coverage requirement)

**Docker-based workflow** with isolated test environments

**Automated quality gates** (pre-commit linting, pre-push testing)

**Semantic commits** with Conventional Commits enforcement

**API best practices** with Laravel Sanctum, Scramble documentation, and structured responses

Project Context

This is a **Laravel 12 Blog API** built with:

**PHP 8.2+** (targeting 8.4+ features) with strict typing

**MySQL 8.0** for database + **Redis** for cache/sessions

**Laravel Sanctum** for API token authentication

**Pest PHP 3.8+** for BDD-style testing

**Larastan 3.0+** (PHPStan level 10) for static analysis

**Laravel Pint** for code formatting

**Scramble** for automatic OpenAPI documentation

**Docker & Docker Compose** for multi-service architecture

**Husky hooks** for automated validation

Domain Model

The application manages a blog platform with these core entities:

Core Entities

**User**: Blog users with role-based permissions (Administrator, Editor, Author, Contributor, Subscriber)

**Article**: Blog posts with status management (Draft, Published, Archived)

**Category**: Hierarchical content organization (many-to-many with articles)

**Tag**: Flexible content labeling (many-to-many with articles)

**Comment**: User interactions on articles (one-to-many)

Supporting Entities

**Role**: User access levels with many-to-many relationship

**Permission**: Granular access control

**Notification**: Polymorphic system-wide messaging

**NewsletterSubscriber**: Email subscription management

Key Enums (Type-Safe Constants)

`UserRole`: Administrator, Editor, Author, Contributor, Subscriber

`ArticleStatus`: Draft, Published, Archived

`ArticleAuthorRole`: Primary, CoAuthor, Contributor

`NotificationType`: System, User, Admin

Project Structure

Follow this clean, modular structure:

```

app/

├── Actions/ # Single-responsibility action classes

├── Data/ # Data Transfer Objects (DTOs)

├── Enums/ # Type-safe enums for constants

├── Events/ # Domain events

├── Exceptions/ # Custom exceptions

├── Http/

│ ├── Controllers/ # Thin controllers (invokable pattern)

│ ├── Middleware/ # HTTP middleware

│ ├── Requests/ # Form Request validation

│ ├── Resources/ # API Resource responses

├── Jobs/ # Queued jobs

├── Listeners/ # Event listeners

├── Models/ # Eloquent models

├── Policies/ # Authorization policies

├── Services/ # Business logic (with interfaces)

└── Support/ # Helpers & utility classes

```

Step-by-Step Instructions

1. File Header Standards

**Always start PHP files with:**

```php

<?php

declare(strict_types=1);

namespace App\[Directory];

// imports...

```

2. Controller Pattern (Invokable)

Generate **thin, final, invokable controllers** with this structure:

```php

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Api\V1;

use App\Http\Requests\[RequestName];

use App\Http\Resources\[ResourceName];

use App\Services\[ServiceName];

use Illuminate\Http\JsonResponse;

final class [ActionName]Controller

{

public function __construct(

private readonly [ServiceName] $service

) {}

public function __invoke([RequestName] $request): JsonResponse

{

try {

$data = $this->service->[method]($request->validated());

return response()->json([

'status' => true,

'message' => '[Success message]',

'data' => new [ResourceName]($data),

], 201);

} catch (\Exception $e) {

\Log::error('[Error context]', ['error' => $e->getMessage()]);

return response()->json([

'status' => false,

'message' => '[User-friendly error]',

'data' => null,

'error' => null,

], 500);

}

```

**Controller Rules:**

Use invokable pattern with `__invoke()` method

Declare as `final` class

Use `readonly` for dependency injection

Business logic in Services, not controllers

Try-catch with proper logging

Return structured JSON responses

3. Form Request Pattern

Generate **Form Requests** with `withDefaults()` method:

```php

<?php

declare(strict_types=1);

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

final class [RequestName] extends FormRequest

{

public function authorize(): bool

{

return true; // or implement authorization logic

}

public function rules(): array

{

return [

'field' => ['required', 'string', 'max:255'],

// validation rules...

];

}

public function withDefaults(): array

{

return array_merge($this->validated(), [

'default_field' => $this->input('default_field', 'default_value'),

]);

}

```

4. Service Layer Pattern

Generate **Services** with interfaces for testability:

```php

<?php

declare(strict_types=1);

namespace App\Services;

use App\Models\[ModelName];

use Illuminate\Support\Facades\DB;

final class [ServiceName] implements [ServiceInterface]

{

public function __construct(

private readonly [ModelName] $model

) {}

public function [methodName](array $data): [ModelName]

{

return DB::transaction(function () use ($data) {

$record = $this->model->create($data);

// Additional business logic...

return $record;

});

}

```

**Service Rules:**

Use transactions for multi-step writes

Inject dependencies via constructor

Implement interfaces for contracts

Handle business logic, not HTTP concerns

5. Model Pattern

Generate **Eloquent models** with strict typing:

```php

<?php

declare(strict_types=1);

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

use Illuminate\Database\Eloquent\Relations\BelongsTo;

final class [ModelName] extends Model

{

protected $fillable = [

'field1',

'field2',

];

protected $casts = [

'status' => \App\Enums\[EnumName]::class,

'published_at' => 'datetime',

];

public function relation(): BelongsTo

{

return $this->belongsTo([RelatedModel]::class);

}

```

**Model Rules:**

Use `$fillable` or `$guarded` for mass assignment protection

Cast enums, dates, and JSON fields

Define relationship return types

Use eager loading to prevent N+1 queries

6. API Resource Pattern

Generate **API Resources** for structured responses:

```php

<?php

declare(strict_types=1);

namespace App\Http\Resources;

use Illuminate\Http\Request;

use Illuminate\Http\Resources\Json\JsonResource;

final class [ResourceName] extends JsonResource

{

public function toArray(Request $request): array

{

return [

'id' => $this->id,

'field' => $this->field,

'created_at' => $this->created_at?->toISOString(),

'relation' => new [RelatedResource]($this->whenLoaded('relation')),

];

}

```

7. Enum Pattern

Generate **PHP 8.1+ enums** for type safety:

```php

<?php

declare(strict_types=1);

namespace App\Enums;

enum [EnumName]: string

{

case VALUE_ONE = 'value_one';

case VALUE_TWO = 'value_two';

public function label(): string

{

return match($this) {

self::VALUE_ONE => 'Value One',

self::VALUE_TWO => 'Value Two',

};

}

```

8. Testing Pattern (Pest PHP)

Generate **BDD-style tests** with Pest:

```php

<?php

declare(strict_types=1);

use App\Models\User;

use Laravel\Sanctum\Sanctum;

describe('[Feature Name]', function () {

beforeEach(function () {

$this->user = User::factory()->create();

Sanctum::actingAs($this->user);

});

it('can perform action successfully', function () {

// Arrange

$data = ['field' => 'value'];

// Act

$response = $this->postJson('/api/v1/endpoint', $data);

// Assert

$response->assertStatus(201)

->assertJsonStructure([

'status',

'message',

'data' => ['id', 'field'],

]);

expect($response->json('status'))->toBeTrue();

});

it('validates required fields', function () {

$response = $this->postJson('/api/v1/endpoint', []);

$response->assertStatus(422)

->assertJsonValidationErrors(['field']);

});

```

**Testing Rules:**

Use `describe()` and `it()` for BDD organization

Use `RefreshDatabase` trait for clean state

Test authentication and authorization

Assert project-specific response format

Aim for 80% code coverage minimum

9. API Routes Pattern

Generate **versioned API routes**:

```php

<?php

use App\Http\Controllers\Api\V1\[ControllerName];

use Illuminate\Support\Facades\Route;

Route::prefix('v1')->group(function () {

Route::middleware('auth:sanctum')->group(function () {

Route::post('/endpoint', [ControllerName]::class);

});

```

10. Migration Pattern

Generate **migrations** with proper constraints:

```php

<?php

use Illuminate\Database\Migrations\Migration;

use Illuminate\Database\Schema\Blueprint;

use Illuminate\Support\Facades\Schema;

return new class extends Migration

{

public function up(): void

{

Schema::create('table_name', function (Blueprint $table) {

$table->id();

$table->string('field');

$table->foreignId('related_id')

->constrained('related_table')

->cascadeOnDelete();

$table->timestamps();

$table->index('field');

});

}

public function down(): void

{

Schema::dropIfExists('table_name');

}

};

```

Code Quality Requirements

PHPStan Level 10 Compliance (Mandatory)

All properties must have explicit types

All parameters must have type hints

All return types must be declared

No mixed types allowed

No ignored errors

Laravel Pint Formatting (Mandatory)

Run `./vendor/bin/pint` before committing

Follows PSR-12 coding standards

Enforced by pre-commit hooks

Response Format Standards

**Success Response:**

```json

{

"status": true,

"message": "Success message",

"data": { /* response data */ }

}

```

**Error Response:**

```json

{

"status": false,

"message": "Error message",

"data": null,

"error": null

}

```

Security Best Practices

1. **Never trust user input** - validate and sanitize all inputs

2. **Use Form Requests** for validation

3. **Use `validated()` data** - never `$request->all()`

4. **Use transactions** for multi-step database writes

5. **Implement authorization** via Policies

6. **Eager load relationships** to prevent N+1 queries

7. **Use Sanctum** for API authentication with token abilities

8. **Store secrets in `.env`** - never hard-code

Development Workflow

Docker Commands

`make up` - Start development environment

`make test` - Run test suite in isolated environment

`make shell` - Access application container

`make pint` - Run code formatter

`make stan` - Run PHPStan analysis

Git Workflow

**Semantic commits** enforced by Husky hooks

**Pre-commit**: Linting and formatting checks

**Pre-push**: Full test suite execution

**Commit format**: `type(scope): message` (e.g., `feat(api): add article endpoints`)

Key Patterns to Follow

1. **Invokable Controllers**: One action per controller

2. **Service Layer**: Business logic separate from HTTP layer

3. **Form Requests**: Validation with `withDefaults()` method

4. **API Resources**: Structured JSON responses

5. **Enums**: Type-safe constants for status/type fields

6. **Final Classes**: Immutability by default

7. **Readonly Properties**: Constructor-injected dependencies

8. **Strict Types**: `declare(strict_types=1);` in all files

9. **Comprehensive PHPDoc**: Required for PHPStan level 10

10. **BDD Testing**: Pest PHP with describe/it blocks

Important Constraints

**Minimum 80% test coverage** is enforced

**PHPStan level 10** must pass with zero errors

**All API routes** must be prefixed with `/api/v1/`

**All controllers** must use invokable pattern

**All responses** must follow project-specific format

**All commits** must follow Conventional Commits format

**All classes** should be `final` unless designed for extension

Reference Files

For comprehensive guidelines, always refer to:

`.cursor/rules/development-guide-ai.mdc` - General Laravel standards

`.cursor/rules/laravel-blog-api-rules.mdc` - Project-specific patterns

Laravel 12 Blog API Development

Laravel 12 Blog API Development

What This Skill Does

Project Context

Domain Model

Core Entities

Supporting Entities

Key Enums (Type-Safe Constants)

Project Structure

Step-by-Step Instructions

1. File Header Standards

2. Controller Pattern (Invokable)

3. Form Request Pattern

4. Service Layer Pattern

5. Model Pattern

6. API Resource Pattern

7. Enum Pattern

8. Testing Pattern (Pest PHP)

9. API Routes Pattern

10. Migration Pattern

Code Quality Requirements

PHPStan Level 10 Compliance (Mandatory)

Laravel Pint Formatting (Mandatory)

Response Format Standards

Security Best Practices

Development Workflow

Docker Commands

Git Workflow

Key Patterns to Follow

Important Constraints

Reference Files

Reviews (0)