anousss007 / vigilance
A driver-agnostic control center for Laravel queues, jobs, commands and the scheduler. Monitor what ran (with parameters), see failures, and dispatch jobs or run artisan commands manually from a self-contained dashboard.
Maintainers
Requires
- php: ^8.2
- illuminate/bus: ^12.0 || ^13.0
- illuminate/console: ^12.0 || ^13.0
- illuminate/contracts: ^12.0 || ^13.0
- illuminate/database: ^12.0 || ^13.0
- illuminate/queue: ^12.0 || ^13.0
- illuminate/support: ^12.0 || ^13.0
- livewire/livewire: ^3.5 || ^4.0
- symfony/process: ^7.0 || ^8.0
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.18
- orchestra/testbench: ^10.0 || ^11.0
- pestphp/pest: ^3.0 || ^4.0
- pestphp/pest-plugin-laravel: ^3.0 || ^4.0
Suggests
- ext-redis: For the write-behind 'redis' APM ingest driver (vigilance:apm-work).
- aws/aws-sdk-php: Lets vigilance:supervise auto-scale an SQS connection by ApproximateNumberOfMessages.
- pda/pheanstalk: Lets vigilance:supervise auto-scale a beanstalkd connection by tube backlog (queue depth).
- predis/predis: Alternative pure-PHP Redis client for the 'redis' APM ingest driver.
README
A driver-agnostic control center for Laravel queues, jobs, commands and the scheduler.
See what ran β with the parameters it ran with β whether it failed, and dispatch jobs or run artisan commands manually from a self-contained dashboard. Think "Horizon, but for every queue driver, plus commands, plus a manual control plane" β and built to run in production, not just locally.
π Documentation & guide β anousss007.github.io/laravel-vigilance
Published on Packagist. The capture, storage, manual-control, metrics, tracing and worker-supervisor layers are covered by tests β including a real multi-process supervisor chaos battery validated across the
database,redis,sqsandbeanstalkddrivers (autoscaling, crash-recovery, graceful shutdown, zero orphans). The dashboard ships as a standalone Livewire UI (no Filament required).
Why Vigilance (and how it differs from Telescope / Horizon)
| Horizon | Telescope | Vigilance | |
|---|---|---|---|
| Queue drivers | Redis only | all | all (database, Redis, SQS, Beanstalkd, sync) |
| Jobs | β | β | β (full queued β running β done/failed lifecycle) |
| Artisan commands | β | β (view) | β (capture and run manually) |
| Scheduler monitoring | β | partial | β (late / failed / grace) |
| Manual dispatch of jobs | β | β | β (typed form from the constructor) |
| Run arbitrary commands from UI | β | β | β (allowlisted) |
| Error tracking (grouped issues) | β | β (view) | β (web Β· queue Β· command Β· browser, fingerprinted inbox) |
| Whole-app APM + per-route percentiles | β | β | β (p50/p95/p99, Apdex, error rate) |
| Real User Monitoring (Core Web Vitals) | β | β | β (LCP/INP/CLS/FCP/TTFB + JS errors) |
| SLOs + error budgets | β | β | β (burn-rate alerts) |
| Trace-correlated log explorer | β | β (view) | β (searchable, linked to traces) |
| Custom business metrics | β | β | β (one-line API + dashboard) |
| Release health / deploy gating | β | β | β (before/after regression guard + rollback alert) |
| Anomaly detection | β | β | β (dynamic baselines, not fixed thresholds) |
| Alerting | β | β | β (mail Β· Slack Β· Discord Β· Teams Β· webhooks + incidents) |
| Production-oriented | β | β (debug tool) | β (see below) |
Built for production
Telescope is a fantastic local debugging assistant, but it observes your whole app (requests, queries, cache, models, jobs, β¦), records everything by default, stores it verbatim with no size caps and no native sampling β which is why its own docs tell you to neuter it in production. Vigilance is deliberately narrow (only jobs / commands / scheduler) and bounded by design:
- One row per run, updated through its lifecycle β not a row per event.
- Sampling decided at dispatch time: a sampled-out successful job costs zero database writes. Failures are always captured regardless of the sample rate.
- Size caps on parameters, exception traces and command output (configurable truncation).
- Secret redaction by key name (
password,token, β¦) before anything is stored. - Separate database connection supported, to keep monitoring writes off your primary connection.
- Capture is wrapped in a guard β a monitoring error can never break the host application.
- Master switch + per-type toggles + exclusion list and a
ShouldNotBeMonitoredmarker. - Retention/pruning via
vigilance:prune, plus ring-buffered metric snapshots. - Secure-by-default dashboard (local-only until you explicitly authorize access).
Whole-app APM (optional)
On top of jobs/commands/scheduler, Vigilance includes a production-first APM
layer β servers (CPU/memory/disk), slow requests, slow queries, slow outgoing
HTTP, cache hit-rate, exceptions and per-user usage β on the APM dashboard
page. It covers the same ground as Laravel Pulse, but driver-agnostic and with no
extra infrastructure: recorders capture cheaply (~9 Β΅s/record), defer the heavy
work, and flush after the response is sent, so there is zero request latency.
A clean Ingest export seam lets you fan the same telemetry out to an external
APM (the groundwork for a Laravel Nightwatch integration).
Run the heartbeat on each app server and read the full design in docs/apm.md:
php artisan vigilance:check
Tracing (optional, off by default)
For the deep dive, Vigilance can record a per-request / per-job waterfall β every query, cache op and outgoing HTTP call inside a single request, with timings β on the Traces page. It's the self-hosted equivalent of a hosted APM's trace view.
Because full traces are heavy, tracing is off by default and engineered to
stay cheap: spans are collected in a ~2 Β΅s in-memory push and the trace is
persisted only if it's slow, errored, or sampled β so at millions of queries
you store a tiny fraction, never everything, and the write happens after the
response is sent. Enable with VIGILANCE_TRACING=true; see
docs/tracing.md.
Observability suite
On top of capture, APM and tracing, Vigilance is a full front-to-back observability platform. Each layer keeps the same production-first posture (captured cheaply, flushed after the response, sampled and bounded) and lands on its own dashboard page. Full guide in docs/observability.md.
| Feature | Page | What it gives you |
|---|---|---|
| Issues β unified error tracking | /vigilance/issues |
Every exception (web Β· queue Β· command Β· Vigilance::report() Β· browser) fingerprinted into a grouped inbox with stacktrace, context, occurrence sparkline, assign/ack/mute/resolve |
| Routes β per-route performance | /vigilance/routes |
Throughput, error rate, Apdex and exact p50/p95/p99 latency per route |
| Web Vitals β RUM | /vigilance/vitals |
Core Web Vitals (LCP/INP/CLS/FCP/TTFB) + JS errors from real visitors via the @vigilanceRum beacon |
| SLOs β error budgets | /vigilance/slos |
Availability / latency objectives vs. an error budget, with a short-window burn-rate alert |
| Incidents β alerting depth | /vigilance/incidents |
Fired alerts persisted as incidents (open β auto-resolved) with level, occurrences and MTTR; channels for Discord / Teams / generic webhooks |
| Releases β deploy health | /vigilance/releases |
Each deploy's error-rate / latency / throughput after vs. before, with a healthy/degraded/regressed verdict; a bad deploy fires a rollback-ready alert |
| Custom Metrics β business KPIs | /vigilance/custom-metrics |
Vigilance::increment() / gauge() β auto-discovered counter & gauge cards with sparklines |
| Logs β explorer | /vigilance/logs |
Searchable application logs correlated to the trace that emitted them |
use Vigilance\Vigilance; Vigilance::increment('signups'); // custom counter Vigilance::gauge('cart_value', $cart->total()); // custom gauge
{{-- drop in your layout <head> after VIGILANCE_RUM=true to collect Web Vitals --}} @vigilanceRum
Requirements
- PHP 8.2+
- Laravel 12 or 13
- Livewire 3.5+ or 4 (pulled in automatically)
Installation
composer require anousss007/vigilance php artisan vigilance:install # publishes config + prints next steps php artisan migrate # migrations are auto-loaded
Lock down the dashboard (it is local-only until you do this) β in any service provider's boot():
use Vigilance\Vigilance; Vigilance::auth(fn ($request) => in_array($request->user()?->email, [ 'you@example.com', ]));
Authorization also flows through Laravel's Gate, so if you already grant access with a Gate::before rule (e.g. "admins can do anything") or prefer the gate idiom, just define a viewVigilance ability β exactly like Horizon's viewHorizon / Telescope's viewTelescope:
use Illuminate\Support\Facades\Gate; Gate::define('viewVigilance', fn ($user) => $user->isAdmin());
Schedule maintenance (in routes/console.php or your Kernel):
use Illuminate\Support\Facades\Schedule; Schedule::command('vigilance:prune')->daily(); Schedule::command('vigilance:snapshot')->everyFiveMinutes(); Schedule::command('vigilance:schedule-sync')->hourly();
The dashboard is then at /vigilance (configurable).
Heads-up β
webmiddleware: the dashboard inheritsconfig('vigilance.middleware'), which defaults to['web']. If yourwebgroup appends global redirects (locale prefixing like/{locale}/β¦, maintenance/teaser pages, forced auth), they will rewrite or 404 the dashboard URL β the same caveat Horizon, Pulse and Telescope carry. Either addvigilanceto that middleware's skip-list, or setvigilance.middlewareto a trimmed stack (e.g.['web']minus the redirect, or just[\Illuminate\Session\Middleware\StartSession::class, β¦]) so the dashboard isn't subject to app-wide request rewriting.
How capture works
Vigilance injects a correlation id into each job's payload at dispatch (Queue::createPayloadUsing) and listens to the framework's queue events (JobProcessing, JobProcessed, JobFailed, JobReleasedAfterException). Because it reacts to runtime events and persists to its own tables, it is completely driver-agnostic β the same code tracks a job whether it ran on sync, database, redis, sqs or beanstalkd.
Artisan commands are captured via CommandStarting / CommandFinished (name, arguments, options, exit code, duration). The scheduler is tracked via ScheduledTask* events, which keep a per-task monitor up to date (last run, duration, lateness, failures).
Manual control (dispatch jobs / run commands)
The dashboard can dispatch jobs and run artisan commands with user-supplied parameters. Because that is effectively remote code execution, it is off by default (like the read-only posture of Horizon / Telescope / Pulse). Opt in with VIGILANCE_CONTROL_ENABLED=true, then govern it with an allowlist (config/vigilance.php β control):
- Jobs β
modeofmarker(only jobs implementingVigilance\Contracts\Dispatchable),list(explicit classes),discover(allShouldQueueinpaths), orall. The dispatch form is generated by reflecting the job's constructor (scalars, enums, dates and Eloquent models viaModel::findOrFail). Indiscovermode, hide a job with side effects by implementingVigilance\Contracts\ShouldNotBeDispatchedManually. - Commands β
modeoflist(allow names/wildcards) orall. Adenylist (destructive commands likemigrate:fresh,db:wipe,tinker, β¦) always wins, as do Vigilance's ownvigilance:*commands.vigilance:doctorreports any allowlisted command that was overridden this way, so a dropped entry is never silent.
Every manual dispatch / command run / retry is written to an audit log (who ran what, with which parameters).
Opt a job in to manual dispatch:
use Vigilance\Contracts\Dispatchable; class ProcessPodcast implements ShouldQueue, Dispatchable { public static string $vigilanceLabel = 'Process a podcast'; public function __construct(public Podcast $podcast, public bool $notify = true) {} }
Configuration
See config/vigilance.php β every option is documented inline. Highlights:
enabled,path,domain,middlewarestorage.connectionβ dedicate a DB connectioncapture.sample_rateβ fraction of successful runs to keep (failures always kept)capture.store_parameters,capture.store_for_retry, size capsexcept.jobs/except.commandsβ exclusionscontrol.jobs/control.commandsβ manual-control allowlistsredactβ secret key namesretention.days/retention.failed_daysβ pruning windowsnotifications.mail/slack/discord/teams/webhooksβ where alerts are deliveredissuesβ unified error tracking (sample rate, request-input capture, ignore list)rumβ Real User Monitoring (enable, throttle, JS-error capture)slosβ service-level objectives + error budgets (define your own)logsβ trace-correlated log explorer (enable, min level, sample, retention)alertsβ rule engine + incident tracking (per-rule thresholds,incidents)release_healthβ deploy-regression guard (comparison window, thresholds)releaseβ current release identifier (tags issues + deploy markers)ignore_pathsβ exclude noisy endpoints (/admin/*, β¦) from all telemetryrum.symbolicateβ symbolicate RUM JS errors against uploaded source maps
Recommended production profile
VIGILANCE_SAMPLE_RATE=0.1 # keep 10% of successes; 100% of failures VIGILANCE_DB_CONNECTION=monitoring # optional dedicated connection VIGILANCE_RETENTION_DAYS=7
Alerting
Vigilance evaluates rule-based alerts at vigilance:snapshot time β queue
backlog, failure-rate, exception spikes, slow-request rate, overdue/failed
scheduled tasks (a dead-man's-switch), SLO burn rate, new & regressed
issues, metric anomalies (dynamic baselines) and bad deploys (release
regression) β each throttled per key. Alerts route to email, Slack, Discord, Microsoft Teams and any
number of generic webhooks (PagerDuty, Opsgenie, β¦) straight from .env
(no service provider required):
VIGILANCE_ALERT_EMAILS=ops@example.com,cto@example.com # single or comma-separated VIGILANCE_SLACK_WEBHOOK=https://hooks.slack.com/services/β¦ VIGILANCE_DISCORD_WEBHOOK=https://discord.com/api/webhooks/β¦ VIGILANCE_TEAMS_WEBHOOK=https://outlook.office.com/webhook/β¦ VIGILANCE_ALERT_WEBHOOKS=https://events.pagerduty.com/β¦,https://β¦ # one or comma-separated
Fired alerts are persisted as incidents (opened on first fire, auto-resolved
when the alert stops recurring), tracked with occurrence counts and MTTR on
the Incidents page. You're notified once when an incident opens (and
again only if it escalates or recurs) β a sustained condition like a breaching
SLO won't email you every window. Set alerts.renotify_minutes for periodic
reminders while an incident stays open.
Prefer code? Set them in a service provider's boot() β an explicit call
overrides the .env values:
use Vigilance\Vigilance; Vigilance::routeMailNotificationsTo(['ops@example.com', 'cto@example.com']); Vigilance::routeSlackNotificationsTo('https://hooks.slack.com/services/β¦'); // β¦or route alerts anywhere (PagerDuty, SMS, a custom Notification, β¦): Vigilance::alertUsing(fn ($alert) => $team->notify(new QueueAlert($alert)));
If no mail recipient and no Slack webhook is configured, alerting stays silent
(nothing is sent). Tune the rules and thresholds under notifications /
alerts in config/vigilance.php.
Commands
Setup & maintenance
| Command | Purpose |
|---|---|
vigilance:install |
Publish config, optionally migrate, print next steps (--provider also publishes the gate stub) |
vigilance:doctor |
Diagnose the install and surface common misconfigurations |
vigilance:prune |
Delete old runs (--days, --failed-days, --dry-run) and trim snapshots |
vigilance:snapshot |
Capture a throughput/runtime/wait-time metric snapshot |
vigilance:schedule-sync |
Sync defined scheduled tasks into monitors (--keep-old) |
vigilance:deploy |
Record a deployment marker (--release, --commit) β feeds release health |
vigilance:sourcemaps |
Upload JS source maps (--release, --prune) so RUM browser errors are symbolicated |
Worker supervision β the Horizon replacement (optional, works on any queue driver)
| Command | Purpose |
|---|---|
vigilance:supervise |
Run & auto-scale your queue workers (replaces queue:work). --once / --max-time=N for bounded/test runs |
vigilance:status |
Show running supervisors and their workers |
vigilance:pause / vigilance:continue |
Pause / resume all supervisors |
vigilance:restart |
Gracefully restart all workers (e.g. after a deploy) |
vigilance:terminate |
Gracefully stop the supervisor and all its workers |
APM heartbeat & uptime
| Command | Purpose |
|---|---|
vigilance:check |
Capture server stats + flush APM telemetry every second β the heartbeat. Runs as a daemon; --once for cron/testing |
vigilance:apm-work |
Drain buffered telemetry into storage for the redis write-behind ingest (--once) |
vigilance:health |
Ping the configured uptime URLs and record availability + latency |
For a production cutover from Horizon, run vigilance:supervise as your long-running worker process (under systemd / Supervisor / your platform's process manager) in place of php artisan horizon, and run vigilance:check as the APM heartbeat on each app server.
Schema & terminology
A few column/term names differ from the prose, worth knowing if you query the tables directly:
vigilance_runs.connection_nameholds the queue connection;vigilance_supervisors.connectionis the same concept on the supervisor table.- Failure grouping is stored as
vigilance_failure_groups.signature(the "fingerprint") with anoccurrencescount. vigilance_supervisorsuses a natural key onname(no surrogateid).
AI-assisted development (Laravel Boost)
Vigilance ships first-class Laravel Boost
support. In any project that uses Boost, php artisan boost:install (and
boost:update) automatically loads Vigilance's AI guidelines and installs a
vigilance-development agent skill β so your coding agent (Claude Code,
Cursor, Copilot, β¦) already knows Vigilance's conventions: securing the dashboard
with viewVigilance, the Dispatchable / ShouldNotBeMonitored markers, the
driver-agnostic worker supervisor, .env alert routing, APM/tracing and more.
Nothing to wire up β the guidelines live in
resources/boost/guidelines/core.blade.php and the skill in
resources/boost/skills/vigilance-development/.
Testing
composer install ./vendor/bin/pest
CI runs the suite against SQLite, PostgreSQL 16 and MySQL/MariaDB 11.4 (the
storage layer's per-driver SQL β generated key-hash columns, upserts, LIKE
escaping β is exercised on each). Point the suite at a real engine locally with
VIGILANCE_TEST_DB=pgsql (or mysql) plus the usual DB_* env vars.
License
MIT.