feat: telescope

[PilsAraujo]

Summary by CodeRabbit

• New Features

  • Integrated diagnostics dashboard with role-restricted access, environment-aware visibility, and masking of sensitive request details.
  • Persistent storage for diagnostics entries and monitoring tags via new database support.
  • Full diagnostics configuration with per-watcher controls and filtering options.

• Chores

  • Updated framework and libraries and added the diagnostics package as a dependency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds Laravel Telescope integration: new TelescopeServiceProvider with boot gating, sensitive-request masking and access gate; conditional provider registration in AppServiceProvider; config/telescope.php; composer dependency updates; and a migration creating telescope tables (entries, entries_tags, monitoring).

Changes

Cohort / File(s)	Summary
Service provider & registration app/Providers/Tools/TelescopeServiceProvider.php, app/Providers/AppServiceProvider.php, bootstrap/providers.php	Adds TelescopeServiceProvider (extends TelescopeApplicationServiceProvider) with register(), boot(), canBoot(), hideSensitiveRequestDetails(), and gate() methods; AppServiceProvider conditionally registers the provider; provider ordering adjusted in bootstrap/providers.php.
Configuration config/telescope.php	New Telescope configuration file defining enablement, domain/path, storage driver/options, queue settings, route middleware, ignore/only lists, and per-watcher enablement/settings for multiple watchers.
Database migration database/migrations/2025_12_17_151114_create_telescope_entries_table.php	New migration creating telescope_entries, telescope_entries_tags (composite primary key, FK → telescope_entries(uuid) cascade), and telescope_monitoring tables; uses configurable DB connection; includes down() to drop tables.
Dependencies & tooling composer.json, mise.toml, phpunit.xml	Adds laravel/telescope ^5.16; updates laravel/framework, laravel/nightwatch, livewire/flux, and dev deps; adds PHP tool entry in mise.toml; removes TELESCOPE_ENABLED env var from phpunit.xml.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Inspect TelescopeServiceProvider::gate() authorization integration with the app's user/role model.
• Verify hideSensitiveRequestDetails() covers intended inputs/headers and respects environment gating.
• Validate migration schema: column types, indexes, composite PK, FK cascade, and configurable connection usage.
• Review config/telescope.php watcher defaults and any environment-sensitive settings.
• Confirm composer upgrades compatibility with CI and other packages.

Possibly related PRs

• fix: admin queries and bootstrapping #132 — Adds conditional registration of tool service providers and introduces a Tools service provider class (similar pattern applied here for Telescope).

Suggested reviewers

• RichardGL11

Poem

"I nibble logs beneath the moonlit sky,
I tuck away secrets that prying eyes spy,
I watch queues hop and entries bloom,
With twitching whiskers I guard the room,
Hop—Telescope keeps our code cozy and spry!" 🐰🔭

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 63.64% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'feat: telescope' is too vague and generic. While it references a real component being added (Telescope), it does not convey the specific purpose, scope, or main change. It lacks context about what is being implemented or configured.	Consider a more descriptive title such as 'feat: add Laravel Telescope integration with access control' to better communicate the main objective and scope of the changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/telescope

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0a5bba3 and eb9c061.

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• app/Providers/Tools/TelescopeServiceProvider.php (1 hunks)
• bootstrap/providers.php (1 hunks)
• composer.json (2 hunks)
• config/telescope.php (1 hunks)
• database/migrations/2025_12_17_151114_create_telescope_entries_table.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

app/Providers/Tools/TelescopeServiceProvider.php (1)

app-modules/user/src/Models/User.php (1)

• isAdmin (57-60)

bootstrap/providers.php (2)

app/Providers/Tools/TelescopeServiceProvider.php (1)

• TelescopeServiceProvider (13-77)

app/Providers/Filament/GuestPanelProvider.php (1)

• GuestPanelProvider (26-116)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Perform Rector Check / Run

🔇 Additional comments (7)

bootstrap/providers.php (1)

14-14: LGTM! Clean Telescope integration.

The TelescopeServiceProvider is properly imported and registered at the end of the providers array, ensuring all other services are available when Telescope boots.

Also applies to: 26-26

config/telescope.php (1)

51-229: Well-structured Telescope configuration.

The configuration properly sets up Telescope with:

• Appropriate middleware including Authorize::class for access control
• Sensible path filtering to ignore Livewire, Nova, and Pulse routes
• Comprehensive watcher configuration with environment-based toggles
• Reasonable defaults (e.g., 100ms slow query threshold)

app/Providers/Tools/TelescopeServiceProvider.php (3)

18-32: LGTM! Solid entry filtering logic.

The filter appropriately logs all entries in local environments while limiting production logging to actionable data (exceptions, failures, scheduled tasks, and monitored tags). This balances debugging capability with storage efficiency.

---

34-46: LGTM! Proper conditional boot logic.

The canBoot() check ensures Telescope only boots when explicitly enabled via configuration, providing a clean kill-switch for the entire integration.

---

51-64: LGTM! Appropriate data sensitivity controls.

The method correctly preserves full visibility in local environments for debugging while hiding sensitive tokens and headers in production environments.

database/migrations/2025_12_17_151114_create_telescope_entries_table.php (1)

14-71: LGTM! Standard Telescope migration with proper structure.

The migration correctly:

• Uses configurable connection from config('telescope.storage.database.connection')
• Creates all required Telescope tables with appropriate columns and types
• Adds proper indexes for performance (uuid, batch_id, family_hash, created_at)
• Implements foreign key constraint with cascade delete
• Drops tables in correct order during rollback

composer.json (1)

41-41: laravel/telescope ^5.16 is the latest stable version and fully compatible.

Version 5.16.0 is current (released 2025-12-09) and supports Laravel 12.0, making it appropriate for your project.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb9c061 and 0002d93.

📒 Files selected for processing (3)

• app/Providers/AppServiceProvider.php (3 hunks)
• app/Providers/Tools/TelescopeServiceProvider.php (1 hunks)
• bootstrap/providers.php (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• app/Providers/Tools/TelescopeServiceProvider.php
• bootstrap/providers.php

🧰 Additional context used

🧬 Code graph analysis (1)

app/Providers/AppServiceProvider.php (1)

app/Providers/Tools/TelescopeServiceProvider.php (2)

• TelescopeServiceProvider (13-75)
• register (18-32)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Perform Rector Check / Run
• GitHub Check: Perform Pest Tests / Run

🔇 Additional comments (2)

app/Providers/AppServiceProvider.php (2)

22-22: LGTM!

The method call follows the established pattern used for Debugbar registration.

---

75-80: The code is correct and follows official Laravel best practices.

The isLocal() restriction is the intended architecture for local-only Telescope installation. By default, the Telescope dashboard is only accessible in the local environment. Any filtering or gating logic in the custom TelescopeServiceProvider serves as secondary safeguards, not as evidence that the provider should be registered outside local environments.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

config/telescope.php (1)

196-199: Consider adjusting log level based on environment needs.

The level is set to 'error', meaning only error-level and above logs will be captured. While this reduces noise, it may limit debugging capabilities since debug, info, and warning logs won't be recorded.

If more verbose logging is needed during development, consider making this configurable:

 LogWatcher::class => [
     'enabled' => env('TELESCOPE_LOG_WATCHER', true),
-    'level' => 'error',
+    'level' => env('TELESCOPE_LOG_LEVEL', 'error'),
 ],

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0002d93 and 6cc5f3a.

📒 Files selected for processing (1)

• config/telescope.php (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Perform Pest Tests / Run

🔇 Additional comments (2)

config/telescope.php (2)

38-38: LGTM! Safe default for production.

The master switch correctly defaults to false, ensuring Telescope is disabled in production unless explicitly enabled via the TELESCOPE_ENABLED environment variable.

---

156-229: Comprehensive watcher configuration.

The watchers are well-configured with appropriate options for each type. Key highlights:

• Individual environment variable toggles for granular control
• Reasonable defaults for slow query threshold (100ms) and response size limit (64KB)
• ignore_packages enabled for Gate and Query watchers to reduce framework noise

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/Providers/Tools/TelescopeServiceProvider.php (1)

23-23: Consider using underscore prefix for intentionally unused parameter.

The filter allows all entries, so the $entry parameter is intentionally unused. Using $_ convention makes this explicit and silences static analysis warnings.

-        Telescope::filter(fn (IncomingEntry $entry) => true);
+        Telescope::filter(fn (IncomingEntry $_) => true);

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6cc5f3a and 9d9de28.

📒 Files selected for processing (2)

• app/Providers/AppServiceProvider.php (3 hunks)
• app/Providers/Tools/TelescopeServiceProvider.php (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• app/Providers/AppServiceProvider.php

🧰 Additional context used

🪛 GitHub Actions: Continuous Integration

app/Providers/Tools/TelescopeServiceProvider.php

[error] 37-37: TypeError: Return value must be of type bool, string returned in canBoot(). The method returns config('telescope.enabled'), which yields a string. Ensure it returns a boolean.

🪛 PHPMD (2.15.0)

app/Providers/Tools/TelescopeServiceProvider.php

23-23: Avoid unused parameters such as '$entry'. (undefined)

(UnusedFormalParameter)

🔇 Additional comments (3)

app/Providers/Tools/TelescopeServiceProvider.php (3)

26-33: LGTM!

The boot guard pattern using canBoot() is clean and allows conditional Telescope activation.

---

43-56: LGTM!

The logic correctly hides sensitive request details in non-local environments while allowing full visibility locally for debugging. The hidden parameters and headers are appropriate for security.

---

63-66: LGTM!

The gate logic is now correct and properly restricts Telescope access to admin users.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/Providers/Tools/TelescopeServiceProvider.php (1)

20-20: Remove commented code.

The commented Telescope::night() line should either be uncommented if the dark theme is desired or removed entirely.

Apply this diff to remove the commented code:

-        // Telescope::night();

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9d9de28 and 48595db.

📒 Files selected for processing (3)

• app/Providers/Tools/TelescopeServiceProvider.php (1 hunks)
• mise.toml (1 hunks)
• phpunit.xml (0 hunks)

💤 Files with no reviewable changes (1)

• phpunit.xml

🧰 Additional context used

🧬 Code graph analysis (1)

app/Providers/Tools/TelescopeServiceProvider.php (2)

app/Providers/AppServiceProvider.php (2)

• register (19-23)
• boot (28-34)

app-modules/user/src/Models/User.php (1)

• isAdmin (57-60)

🪛 PHPMD (2.15.0)

app/Providers/Tools/TelescopeServiceProvider.php

23-23: Avoid unused parameters such as '$entry'. (undefined)

(UnusedFormalParameter)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Perform Pest Tests / Run

🔇 Additional comments (5)

app/Providers/Tools/TelescopeServiceProvider.php (4)

26-33: LGTM!

The boot guard pattern correctly prevents Telescope from initializing when disabled via configuration.

---

35-38: LGTM!

The use of config()->boolean() correctly handles type casting and resolves the previous TypeError issue.

---

45-47: Clarify the environment-specific sensitive data handling approach.

A previous comment suggested removing local environment checks to "enable production," but the current implementation only hides sensitive details in non-local environments. While this approach is reasonable for debugging locally, it contradicts the earlier feedback.

Consider whether sensitive data should be masked consistently across all environments for better security practices, or document why local environments are exempt.

---

63-66: LGTM!

The gate authorization logic correctly restricts Telescope access to admin users. The previous critical issue with the empty array check has been properly resolved.

mise.toml (1)

3-3: PHP 8.4 compatibility is already ensured through the existing composer.json constraint (^8.3), which permits PHP 8.4. No deprecated PHP features were found in the codebase that would cause issues with PHP 8.4. The .each() calls detected are Laravel Collection methods, not the deprecated PHP function. No further action needed.