1. Go to this page and download the library: Download padosoft/laravel-rebel-core library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
padosoft / laravel-rebel-core example snippets
// config/rebel-core.php
'audit' => [
'mode' => 'queue', // 'sync' (default) | 'queue'
'connection' => 'redis', // null = the app's default queue connection
'queue' => 'rebel-audit', // a dedicated queue is nice for Horizon dashboards
],
// config/rebel-core.php
'peppers' => [
1 => env('REBEL_PEPPER_V1'),
2 => env('REBEL_PEPPER_V2'), // new secret
],
'pepper_current' => 2, // new hashes use v2; the old ones (v1) remain verifiable
use Padosoft\Rebel\Core\Assurance\Aal;
use Padosoft\Rebel\Core\Assurance\AssuranceLevel;
$emailOtp = new AssuranceLevel(Aal::Aal1, phishingResistant: false, amr: ['otp', 'email']);
$passkey = new AssuranceLevel(Aal::Aal2, phishingResistant: true, amr: ['webauthn']);
// An action that
use Padosoft\Rebel\Core\Context\SecurityContext;
use Padosoft\Rebel\Core\Contracts\KeyedHasher;
$ctx = SecurityContext::fromRequest($request, app(KeyedHasher::class))
->withGuard('customers')
->withPurpose('customer-login')
->withIdentifier($email);
// $ctx->ipHmac / $ctx->userAgentHash are already hashed (never in cleartext)
use Padosoft\Rebel\Core\Audit\AuditEvent;
use Padosoft\Rebel\Core\Audit\AuthEventType;
use Padosoft\Rebel\Core\Contracts\AuditLogger;
app(AuditLogger::class)->record(new AuditEvent(
type: AuthEventType::EmailOtpVerified->value,
guard: 'customers',
identifierHmac: $h->hash, keyVersion: $h->keyVersion,
purpose: 'customer-login',
aal: Aal::Aal1, amr: ['otp', 'email'],
metadata: ['otp' => '123456'], // ← will be stored as "[REDACTED]"
));
use Padosoft\Rebel\Core\Tenancy\CurrentTenant;
app(CurrentTenant::class)->set('site-it'); // usually done by the TenantResolver/middleware
// All Rebel models with BelongsToTenant now filter and stamp tenant_id = 'site-it'
use Padosoft\Rebel\Core\Clock\FakeClock;
use Psr\Clock\ClockInterface;
$clock = new FakeClock(new DateTimeImmutable('2026-01-01 10:00:00'));
app()->instance(ClockInterface::class, $clock);
$clock->advance(600); // simulates +10 minutes (useful to test OTP/step-up expirations)