Every request in a multi-tenant SaaS needs to answer a dozen questions before your controller runs. Which company context? Is the session valid? Is the user banned? Has the subscription expired? Should the screen be locked? What language? I built Kohana.io - a production CRM/ERP - and ended up with 11 custom middlewares and 6 traits. Not because I wanted to over-engineer, but because each one solved a recurring problem. Now I'm extracting them into LaraFoundry , an open-source SaaS framework for Laravel. This post covers the full middleware stack, all custom traits, and the design decisions behind them. The Middleware Stack Order matters. Here's the complete stack with execution sequence: 1. HandleInertiaRequests → shares props with Vue frontend 2. SetActiveCompanyMiddleware → resolves company context 3. UpdateLastSessionActivity → tracks activity + device info 4. AddLinkHeadersForPreloadedAssets → HTTP/2 push 5. StoreIntendedUrl → saves URL for post-auth redirects 6. SetLocale → detects language 7.…