I created a staging server. I need to give devs access to build our app. It appears sFTP allows full access to all the core files. A rogue dev could edit core files and we would'nt know. Once copied over to the live site, our website would be compromised and hacked.

Cloudways needs to create a setting that allows account owners to configure whether devs have access to CORE app files. IF enabled, anyone with FTP or SSH access should NOT have access to core files of the app.

or ALERT the admin if any changes were made to CORE files. There are hundreds of CORE files in Laravel which do not need to be edited or modified. Collaboration is having proper security policies in place. Else it is a huge problem to collaborate and build a team.