Rate limiting is one of those things everyone knows they should do and nobody enjoys configuring by hand. Claude can analyse your API routes and propose a complete throttling strategy.
cat routes/api.php | claude "Add appropriate rate limiting to these routes. Authentication endpoints should be stricter than read endpoints. Use named rate limiters defined in RouteServiceProvider and explain your reasoning."
Claude will define named limiters in RateLimiter::for() blocks and apply them per route group — not just slap a generic throttle:60,1 on everything.
// In RouteServiceProvider
RateLimiter::for('login', function (Request $request) {
return Limit::perMinute(5)->by($request->ip());
});
RateLimiter::for('api', function (Request $request) {
return $request->user()
? Limit::perMinute(120)->by($request->user()->id)
: Limit::perMinute(30)->by($request->ip());
});
You can push further: ask Claude to add custom throttle response messages, different limits per user plan, or exponential backoff headers.
Turn rate limiting from an afterthought into a deliberate security layer.
Log in to leave a comment.
Set up Claude Code as an automated reviewer in your CI pipeline — on every pull request, it reads the diff, checks for bugs, security issues, missing tests, and convention violations, then posts its findings as a PR comment. Your human reviewers get a head start because the obvious issues are already flagged before they look.
Before deploying, tell Claude to read your project — migrations, environment variables, queue workers, scheduled tasks, caching, third-party integrations — and generate a deployment checklist that's specific to your app. Not a generic "did you run migrations?" list, but one that knows YOUR infrastructure and catches the things YOUR deploy can break.
Instead of writing a README from memory or copying a template, tell Claude to read your project and generate one that's actually accurate — real setup instructions from your config, real architecture from your directory structure, real API examples from your routes, and real prerequisites from your dependency files.