Download the PHP package baspa/filament-canary without Composer

On this page you can find all versions of the php package baspa/filament-canary. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package filament-canary

Filament Canary

Latest Version on Packagist Tests PHPStan Code Coverage Total Downloads

A runtime smoke-sweep for your Filament panels. It introspects every panel, resource and page at runtime and asserts the one thing you almost never write tests for: every page mounts for an authorized user, and is denied to guests. No generated files, no drift — new resources are covered automatically, and it runs in CI on every PR.

A canary in the coal mine: if a page starts throwing a 500 or quietly leaks access, the sweep falls over before your users do.

Why this instead of generating test files?

Because generated tests rot. Filament is introspectableFilament::getPanels() → resources → pages — so instead of writing a file per resource that you have to maintain (and that goes stale the moment you add a resource), Canary walks the live route table each run. One sweep covers the whole panel, today and after every refactor.

It is deliberately narrow: it proves pages mount and authorize. It does not submit forms or assert CRUD — that's the genuinely app-specific part you should write by hand.

Why not just ask AI to generate the tests?

You can — an AI agent can even keep generated tests up to date as you build. For the app-specific parts (form validation, business rules) that's a great use of it. The difference isn't "AI can't keep up." It's that "every page still mounts and authorizes" is a standing guarantee that shouldn't depend on someone remembering to ask:

So it's not AI vs. Canary. Use AI for the deep, bespoke tests; let Canary make the one mechanical guarantee — "every page loads and authorizes" — structural instead of dependent on a human-plus-agent getting it right every single time.

Installation

Then let Canary inspect your panels and propose a config for you:

It reads each panel's access gate (the user model's canAccessPanel, plus tenancy) and proposes an acting_as resolver — assignRole('admin') for role gates, a matching email for allowlists, a factory flag for boolean gates, or a plain factory user when it can't tell (clearly marked, for you to adjust). After you confirm, it writes config/filament-canary.php with the proposed closures baked in. Decline, and it just prints the snippet to paste.

Prefer to do it by hand? Publish the config and edit it yourself:

Usage

In your test suite (recommended)

canarySweep() runs the whole sweep and fails the test if any page returned a server error or leaked access to a guest. It returns every result, so you can make extra assertions if you want.

As a CI command

Prints a per-page report and exits non-zero when there are hard failures:

Pass --strict to also fail on needs-auth pages once you've wired up acting_as.

How a page is judged

Result Meaning
passed Authorized user got a 2xx and a guest was denied (redirect / 401 / 403).
failed Server error (5xx), or a guest reached the page (authorization leak). The canary's whole reason for existing.
🔒 needs-auth The resolved user couldn't reach the page (401/403/redirect). Almost always means you need to configure acting_as. Not a hard failure unless --strict.
⏭️ skipped Couldn't be swept automatically — no model factory for a record page, a tenant that needs a resolver, or route parameters Canary can't fill. Always shown with a reason; nothing is silently left untested.

Configuration

By default Canary creates an authorized user via your guard's provider-model factory. When panel access needs a specific user (a role, a flag), give it one:

Per panel:

Tenant-aware panels resolve a tenant the same way (defaults to the tenant-model factory):

Other options: panels.only / panels.except, exclude (resource/page classes), test_guests, strict_authorization, use_transaction. See the published config for details.

Safety

The sweep creates users and records via factories and requests every page as an authenticated user, so it takes two precautions:

What's out of scope (on purpose)

Non-standard authentication

By default Canary authenticates each request by setting the resolved user on the panel's guard. That covers the common case (session/Eloquent guards). It does not fit panels whose access depends on custom state Canary can't see — for example a custom API/SSO guard, or a canAccessPanel() that checks session data rather than the user itself:

For these, swap the requester. Baspa\FilamentCanary\Sweep\Requester is a one-method interface bound in the container, so you can bind your own implementation that establishes auth however your app needs it (seed the session, mint an API token, etc.):

Testing

License

The MIT License (MIT). Please see License File for more information.


All versions of filament-canary with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2
filament/filament Version ^4.0||^5.0
spatie/laravel-package-tools Version ^1.16
illuminate/contracts Version ^11.0||^12.0||^13.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package baspa/filament-canary contains the following files

Loading the files please wait ...