Summary
Tighten the README's installation and access-control guidance for non-local environments so users understand how to expose Omni safely outside local development.
Why
The current README explains the default viewOmni gate and shows a basic override example, but it still leaves a few important questions open for real deployments:
- how to use Omni behind authentication middleware
- how to think about non-local or staging environments
- how to disable Omni entirely
- how to change the path from
/omni
- how to balance convenience with safety when enabling command-backed actions
Since access control is the most sensitive part of this package, the docs should be extra explicit here.
Current Implementation Notes
Relevant docs/config:
README.md
config/omni.php
src/OmniServiceProvider.php
src/Http/Middleware/AuthorizeOmni.php
The README already covers:
- package installation
- config publishing
- the default
viewOmni gate
- a sample gate override
- middleware configuration at a high level
The missing piece is practical guidance for using Omni anywhere other than a purely local setup.
Proposed Scope
Improve the README with clearer guidance for:
Safe installation and exposure
- local-only usage versus staging/production usage
- requiring authentication middleware in non-local environments
- using a restrictive
viewOmni gate with real application auth logic
- disabling Omni completely with
OMNI_ENABLED=false
Common configuration paths
- changing the URI path with
OMNI_PATH
- layering middleware such as
web and auth
- turning off unfinished modules with feature flags where appropriate
Expectations and guardrails
- explain that Omni includes read-only diagnostics plus a small number of command-backed workflow helpers
- call out that access control should be reviewed before enabling the package outside local development
- add a short example configuration for a safer non-local setup
Acceptance Criteria
- the README includes a practical non-local setup section
- docs clearly explain
viewOmni, middleware, path, and enabled
- docs include at least one safer example for authenticated/admin-only access
- the guidance is clear enough for first-time package users evaluating whether Omni is safe for their environment
Nice To Have
- add a short troubleshooting note for common "why am I getting 403/404?" questions
- include a small "recommended defaults" snippet for staging or internal admin use
Summary
Tighten the README's installation and access-control guidance for non-local environments so users understand how to expose Omni safely outside local development.
Why
The current README explains the default
viewOmnigate and shows a basic override example, but it still leaves a few important questions open for real deployments:/omniSince access control is the most sensitive part of this package, the docs should be extra explicit here.
Current Implementation Notes
Relevant docs/config:
README.mdconfig/omni.phpsrc/OmniServiceProvider.phpsrc/Http/Middleware/AuthorizeOmni.phpThe README already covers:
viewOmnigateThe missing piece is practical guidance for using Omni anywhere other than a purely local setup.
Proposed Scope
Improve the README with clearer guidance for:
Safe installation and exposure
viewOmnigate with real application auth logicOMNI_ENABLED=falseCommon configuration paths
OMNI_PATHwebandauthExpectations and guardrails
Acceptance Criteria
viewOmni,middleware,path, andenabledNice To Have