What's new in v0.1.0

v0.1.0 May 20, 2026

First tracked release. Early beta. Earlier history not recorded — see git log for changes prior to release-tracker adoption.

Browser Console — Documentation

Filament Carousel Filament Comments Filament Gantt Filament Gantt Lite Filament Media Panel Base Browser Console System Tools Project Essentials Filament Diagrammer Filament Workflow Filament DAM Laravel Feedback Filament Reviews Release Tracker

Browser Console

Sponsor

A web-based Artisan console, shell terminal, log viewer, and debug tool for Laravel — accessible from your browser, no database required.

❤️ Sponsor this project — If Browser Console saves you time, consider sponsoring on GitHub to support ongoing development.

Features

  • Artisan Commands — Run any artisan command with auto-complete reference panel
  • Shell Terminal — Execute shell commands (git, composer, php, system tools) with real-time streaming output
  • Log Viewer — Browse, filter, and download Laravel logs by level
  • Debug Tool — Ray-like console() helper for inspecting variables with color coding, labels, and table views
  • Deployment Guide — Step-by-step deployment reference panel with one-click command execution
  • No Database Required — File-based sessions, works in maintenance mode
  • Secure — Bcrypt password hashing, session timeout, rate limiting, IP whitelisting, custom auth gate
  • Zero Build Step — Tailwind CSS via CDN, no npm/vite required

Requirements

  • PHP 8.2+
  • Laravel 11 or 12
  • Livewire 3.x

Installation

Publish the config file:

Create your console credentials:

Visit /console in your browser.

Configuration

After publishing, the config file is at config/browser-console.php:

Environment Variables

Add these to your .env file (or use browser-console:create):

Usage

Artisan Tab

Type any artisan command or click one from the reference panel:

Commands run as isolated subprocesses — no risk of corrupting the web response.

Shell Tab

Execute whitelisted shell commands:

Allowed commands: composer, git, php, ls, pwd, whoami, readlink, cat, mkdir, chmod, ln, df, du, head, tail, wc, find, which

Shell operators (;, &&, |, >, etc.) are blocked for security.

Logs Tab

  • Browse Laravel log entries with level filtering (debug, info, warning, error, critical)
  • Configurable line count (50, 100, 200, 500)
  • Download or clear log files

Debug Tab

Add console() calls anywhere in your Laravel code:

Available colors: ->green(), ->blue(), ->orange(), ->red(), ->purple()

Available methods: ->label(string), ->table(), ->color(string)

Debug entries are written to storage/logs/console-debug.log as NDJSON and auto-pruned at 500KB.

Security

Authentication

  • Bcrypt hashing — Passwords are stored as bcrypt hashes (never plaintext)
  • Session timeout — Auto-logout after 30 minutes of inactivity (configurable)
  • Rate limiting — 600 requests/minute by default (configurable)
  • CSRF protection — Standard Laravel web middleware

IP Whitelisting

Restrict console access to specific IPs:

Leave empty to allow all IPs.

Custom Auth Gate

Bypass the built-in password auth with your own logic:

When the gate returns true, the login form is skipped entirely.

Middleware Exclusion

Exclude app-specific middleware from console routes:

Shell Command Security

  • Allowlist-only — Only whitelisted base commands can run
  • No shell operators;, &&, |, >, backticks, $() are all blocked
  • Dangerous pattern blockingrm, git push, git reset --hard, directory traversal, /etc/, etc.
  • No variable expansion$VAR and ~ are blocked

Artisan Commands

Troubleshooting

If /console returns a 500 error or doesn't load after deploying, use the built-in diagnostics page (bcd.php) to find the exact cause.

Diagnostics Page (bcd.php)

During installation (php artisan browser-console:install), you'll be asked whether to publish the diagnostics page to public/bcd.php. It works without Laravel — even when the framework itself fails to start.

Visit https://your-domain.com/bcd.php and authenticate with your console password.

The page checks:

  • PHP Environment — Version, required extensions, proc_open() availability
  • Laravel Structure.env, APP_KEY, vendor directory, config/route caches
  • File Permissionsstorage/, bootstrap/cache/, public/, and all subdirectories
  • Browser Console Package — Installation, config, credentials, Livewire, .htaccess
  • Laravel Boot Test — Attempts to bootstrap Laravel and shows the exact exception

Authentication: The diagnostics page requires the BROWSER_CONSOLE_PASSWORD from your .env file. If no password is set, the page is locked entirely.

CLI Diagnostics

If you have SSH access, run comprehensive diagnostics from the terminal:

This checks PHP environment, Laravel structure, file permissions, session & CSRF configuration, middleware stack (global + web group), session file read/write, CSRF token roundtrip, PHP settings (post_max_size, gc_maxlifetime, etc.), HTTPS & reverse proxy detection, cookie encryption order, and OPcache settings.

Use --fix to auto-repair common issues (directory permissions, cache clearing, missing files):

Managing bcd.php

To publish it later (or re-publish after removal):

Uninstalling

Before removing the package, clean up published files:

You may also want to remove the .env variables (BROWSER_CONSOLE_USER, BROWSER_CONSOLE_PASSWORD, etc.).

How It Works

The console uses file-based sessions (not your database session driver) with a separate cookie (browser-console-session). This means:

  • Works without a database connection
  • Works in maintenance mode
  • Does not interfere with your main app's sessions
  • Artisan commands run as isolated subprocesses via Symfony\Process

Testing

License

The MIT License (MIT). Please see License File for more information.

Powered by Codenzia
✓ Thanks! We read every message.