withRouting( web: __DIR__.'/../routes/web.php', api: __DIR__.'/../routes/api.php', commands: __DIR__.'/../routes/console.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware): void { $middleware->alias([ 'auth.device' => \App\Http\Middleware\AuthenticateDevice::class, ]); // Excluir CSRF para el webhook de Gitea (autenticado por HMAC) $middleware->validateCsrfTokens(except: [ 'webhook/*', ]); }) ->withExceptions(function (Exceptions $exceptions): void { $exceptions->shouldRenderJsonWhen( fn (Request $request) => $request->is('api/*') || $request->is('api/device/*'), ); })->create();