PHPackages mrezdev/laravel-talkto - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Queues & Workers](/categories/queues) 4. / 5. mrezdev/laravel-talkto ActiveLibrary[Queues & Workers](/categories/queues) mrezdev/laravel-talkto ====================== Reliable Laravel service-to-service messaging with signed outbox/inbox envelopes, idempotency, retries, callbacks, observability, and security audit tooling. v0.4.1(today)00MITPHPPHP ^8.2CI passing Since Jun 18Pushed todayCompare [ Source](https://github.com/mrezdev/laravel-talkto)[ Packagist](https://packagist.org/packages/mrezdev/laravel-talkto)[ RSS](/packages/mrezdev-laravel-talkto/feed)WikiDiscussions main Synced today READMEChangelog (6)Dependencies (10)Versions (6)Used By (0) Laravel Talkto ============== [](#laravel-talkto) Laravel Talkto is a generic Laravel package for secure service-to-service command delivery. It gives Laravel applications a common transport layer for signed envelopes, outbox/inbox persistence, handler execution, retries, attempts, dead letters, idempotency, replay protection, source action lifecycle hooks, and signed result callbacks. The package intentionally stops at the communication boundary. Host applications keep their own domain rules, model lookups, validation, writes, dashboards, rollout decisions, and callback side effects. What Laravel Talkto Is ---------------------- [](#what-laravel-talkto-is) Laravel Talkto helps one Laravel app send a command to another Laravel app, persist the lifecycle on both sides, run an approved receiver handler, and record enough state for retries and operations. It is useful when service communication needs to be signed, replay-aware, idempotent, observable, and recoverable without copying the same transport code into every application. ``` flowchart LR A["Source app"] --> B["Signed command envelope"] B --> C["Target receive route"] C --> D["Inbox message + handler"] D --> E["Result object"] E -. "Signed result callback" .-> A ``` Loading When To Use It -------------- [](#when-to-use-it) - You have two or more Laravel services exchanging commands. - You need HMAC signing, timestamp checks, and payload hashes. - You want outbox/inbox records for message lifecycle and operator review. - You need idempotency and duplicate message protection. - You want retry, dead-letter, and report commands around message state. - You want package-owned transport behavior while host code owns business behavior. When Not To Use It ------------------ [](#when-not-to-use-it) - You only need an in-process service class call. - You need a general event bus, stream processor, or pub/sub platform. - You need the package to own host-specific business dashboards or operational policy. - You want the package to own host domain logic, permissions, or data mapping. - You want the package to decide what callback results mean for host business side effects. Core Features ------------- [](#core-features) - Signed command envelopes with HMAC SHA-256. - Payload hashing and timestamp tolerance checks. - Optional v2 signatures with nonce support. - Outbox/inbox persistence on `talkto_messages`. - Attempt and lifecycle event tracking. - Incoming command handler contracts and registry. - Outgoing target config, aliases, and registry. - Source action lifecycle wrapping for outgoing flows. - Idempotency and replay protection using the message ledger. - Retry/backoff state and retry command. - Dead Letter Queue storage and reprocess command. - Read-only metrics, health summaries, report command, and message trace command. - Optional Talkto Panel for local message inspection, trace, safe retry/reprocess actions, and connection health. - Read-only security audit command and centralized redaction. - Signed result callback sender and receiver runtime, with contracts that hosts can override. Optional Talkto Panel --------------------- [](#optional-talkto-panel) Laravel Talkto includes an optional Blade/Tailwind operations panel. It is disabled by default and can show local message history, detail/trace views, safe retry and dead-letter reprocess actions, passive connection health, and optional active health checks for configured health URLs. ``` TALKTO_PANEL_ENABLED=true TALKTO_PANEL_PREFIX=admin/talkto TALKTO_PANEL_AUTHORIZATION_ENABLED=true TALKTO_PANEL_GATE=viewTalktoPanel ``` The panel does not require Livewire, Vue, React, Inertia, Filament, or required frontend JavaScript. See [docs/panel.md](docs/panel.md) for setup, security defaults, view publishing, payload visibility, and production guidance. 60-Second Architecture Overview ------------------------------- [](#60-second-architecture-overview) 1. The source app creates a durable outgoing `TalktoMessage`. 2. The package builds and signs an envelope for the configured target service. 3. The target app verifies the signature, timestamp, target service, command allowlist, and payload hash. 4. The target app stores an incoming message and queues handler processing. 5. The configured handler returns a `TalktoIncomingCommandResult`. 6. The package updates message status, attempts, events, retry state, and DLQ state. 7. The destination can send a signed result callback to the source through `ResultCallbackSenderContract`. Routes and migrations are disabled by default. Hosts opt in only after confirming route ownership and table ownership. Requirements ------------ [](#requirements) - PHP `^8.2` - Laravel components compatible with `^12.0|^13.0` - A queue worker for asynchronous send and receive jobs - A database connection for package message tables when package migrations are enabled - Shared secrets configured per service pair Installation ------------ [](#installation) ``` composer require mrezdev/laravel-talkto php artisan vendor:publish --tag=laravel-talkto-config php artisan vendor:publish --tag=laravel-talkto-migrations ``` Short publish tags are also available: ``` php artisan vendor:publish --tag=talkto-config php artisan vendor:publish --tag=talkto-migrations ``` Review the published config before enabling package routes or migrations. 5-Minute Quickstart ------------------- [](#5-minute-quickstart) Install and publish: ``` composer require mrezdev/laravel-talkto php artisan vendor:publish --tag=talkto-config php artisan vendor:publish --tag=talkto-migrations ``` Set the local service name: ``` TALKTO_SERVICE=source-service TALKTO_ROUTES_ENABLED=false TALKTO_MIGRATIONS_ENABLED=false ``` Configure one outgoing target: ``` 'outgoing' => [ 'target-service' => [ 'url' => env('TALKTO_TARGET_SERVICE_URL', 'https://target.example.test'), 'endpoint' => '/api/talkto/receive', 'secret' => env('TALKTO_TO_TARGET_SERVICE_SECRET'), 'mode' => 'reliable', ], ], ``` Configure one incoming command handler on the receiving app: ``` 'incoming' => [ 'source-service' => [ 'secret' => env('TALKTO_FROM_SOURCE_SERVICE_SECRET'), // Missing or empty allowed_commands rejects all commands. 'allowed_commands' => [ 'domain.command' => [ 'driver' => 'handler', 'handler' => App\Talkto\Handlers\DomainCommandHandler::class, 'idempotency' => 'required', ], ], ], ], ``` Incoming command allowlists are fail-closed: a command is accepted only when it is explicitly listed under the source service. Use `allow_all_commands => true` only for trusted/internal development cases. Create a small generic handler: ```