Laravel Rebel Documentation
Laravel Rebel
Centralized documentation for the 22-package padosoft/laravel-rebel-* ecosystem.
This site is intentionally centralized in laravel-rebel-core/docs-site. Every package README points here: https://doc.laravel-rebel.padosoft.com.
Package index
| Package | Responsibility | Composer name |
|---|---|---|
| laravel-rebel-bridge-passkeys | WebAuthn passkey step-up driver for Laravel Rebel: bridges spatie/laravel-passkeys into Rebel’s step-up registry, issuing phishing-resistant AAL3 challenges. | padosoft/laravel-rebel-bridge-passkeys |
| laravel-rebel-bridge-spatie-otp | Bridge between spatie/laravel-one-time-passwords and Laravel Rebel: exposes email/SMS OTP as an AAL2 step-up driver with full audit telemetry. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-bridge-spatie-otp |
| laravel-rebel-channel-bird | Bird (formerly MessageBird) provider for Laravel Rebel Channels: phone verification via the Bird Verify API (SMS), plain SMS delivery, and signed delivery-status webhooks. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channel-bird |
| laravel-rebel-channel-discord | Discord delivery channel for Laravel Rebel Channels: ship security/SOC alerts (anomaly cases, lockouts, high-risk events) and notifications to a Discord channel via webhook. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channel-discord |
| laravel-rebel-channels | Channel/provider abstraction (SMS/WhatsApp/voice) for Laravel Rebel: verification routing with fallback, cooldown, multi-dimensional rate limiting, and anti toll-fraud/IRSF defences. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channels |
| laravel-rebel-channel-telegram | Telegram bot delivery channel for Laravel Rebel Channels: deliver OTP codes and security alerts to a Telegram chat. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channel-telegram |
| laravel-rebel-channel-twilio | Twilio provider for Laravel Rebel Channels: phone verification via Twilio Verify (SMS/WhatsApp/voice), message delivery, and signed delivery-status webhooks. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channel-twilio |
| laravel-rebel-channel-vonage | Vonage provider for Laravel Rebel Channels: phone verification via Vonage Verify (SMS/voice), plain SMS delivery, and signed delivery-receipt webhooks. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-channel-vonage |
| laravel-rebel-core | Core primitives, value objects and contracts for Laravel Rebel: the enterprise authentication control plane (AAL/AMR assurance, security context, audit, Sanctum tokens, rate-limiting). The entry point of the padosoft/laravel-rebel-* ecosystem. | padosoft/laravel-rebel-core |
| laravel-rebel-demo | Demo / integration application for the padosoft/laravel-rebel-* enterprise authentication suite. | padosoft/laravel-rebel-demo |
| laravel-rebel-email-otp | Enterprise passwordless email-OTP login for Laravel Rebel: anti-enumeration, multi-dimensional rate-limiting, multi-tenant/purpose/risk, Sanctum token issuance. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-email-otp |
| laravel-rebel-recovery | High-assurance account recovery for Laravel Rebel: single-use HMAC-hashed recovery (backup) codes, generated once at enrolment, with anti-ATO checks. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-recovery |
| laravel-rebel-sessions | Device/session registry for Laravel Rebel: session/device tracking, logout-everywhere, refresh-token rotation with reuse detection, and device trust. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-sessions |
| laravel-rebel-step-up | Step-up authentication for Laravel Rebel: confirm an action/purpose with AAL/AMR assurance, risk-based, and PSD2/SCA dynamic linking. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-step-up |
| laravel-rebel-admin | Web Admin Panel (Blade + AJAX + vanilla JS) for Laravel Rebel: a security operations dashboard over the Rebel Admin API. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-admin |
| laravel-rebel-admin-api | Control-plane JSON API for Laravel Rebel: security metrics, audit-event explorer, OTP/step-up funnels, provider health, with permission-gated and tenant-scoped read models. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-admin-api |
| laravel-rebel-ai-guard | Anomaly detection + AI security copilot for Laravel Rebel: deterministic rules detect anomaly cases; the optional AI only explains/suggests (sanitized prompts, no PII/OTP, human review). Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-ai-guard |
| laravel-rebel-auth | Meta-package for the padosoft/laravel-rebel-* enterprise authentication control plane: passwordless email-OTP, passkey-first, risk-based step-up with PSD2/SCA, channels, sessions, recovery, anomaly detection and a web admin panel — installs and ties the whole suite together. | padosoft/laravel-rebel-auth |
| laravel-rebel-bot-protection | Pluggable anti-bot / CAPTCHA gate for Laravel Rebel: server-side verification of Cloudflare Turnstile, Google reCAPTCHA v3 and hCaptcha tokens, fail-closed by default and fully audited. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-bot-protection |
| laravel-rebel-bridge-fortify | Bridge between Laravel Fortify and Laravel Rebel: exposes password-confirm / passkey / TOTP as step-up drivers, maps Fortify events into the Rebel audit trail, and enables passkey-first login. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-bridge-fortify |
| laravel-rebel-bridge-laragear-2fa | Bridge between laragear/two-factor and Laravel Rebel: exposes TOTP as an AAL2 step-up driver, integrates recovery codes, and emits full audit telemetry into the Rebel audit trail. Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-bridge-laragear-2fa |
| laravel-rebel-bridge-otpz | Bridge the benbjurstrom/otpz email one-time-password package into Laravel Rebel step-up. Exposes OTP email magic-code as a step-up driver (AAL2, AMR otp). Part of padosoft/laravel-rebel-*. | padosoft/laravel-rebel-bridge-otpz |

First principles
Laravel Rebel is an enterprise authentication control plane. It separates primitive assurance concepts from delivery channels, step-up decisions, admin operations, AI-assisted investigation, recovery, session governance and framework bridges.

```mermaid
flowchart LR
    Core[laravel-rebel-core] --> Email[Email OTP]
    Core --> Channels[Channels]
    Core --> StepUp[Step-up]
    Core --> Sessions[Sessions]
    Core --> Recovery[Recovery]
    Core --> AdminApi[Admin API]
    AdminApi --> Admin[Admin UI]
    Channels --> Twilio[Twilio]
    Channels --> Vonage[Vonage]
    Channels --> Bird[Bird]
    Channels --> Telegram[Telegram]
    Channels --> Discord[Discord]
    StepUp --> Bridges[Fortify / Passkeys / TOTP / OTPZ]
    AdminApi --> AiGuard[AI Guard]
```