phpcs / phpstan Support

GitAuto runs PHP_CodeSniffer (phpcs/phpcbf) and PHPStan on every PHP file in a pull request as part of the quality verification pipeline. phpcbf autoformats fixable style violations and the agent commits the result. phpcs surfaces remaining lint findings. phpstan runs static analysis on the same set of files. The PHP path runs alongside the existing JavaScript/TypeScript path so a mixed repo gets both checks without configuration.

PHP Projects Need PHP-Aware Checks

Generated PHP code frequently has lint and static-analysis issues that block CI - inconsistent indentation, missing return types, references to symbols that don't exist, dead branches after type narrowing. These issues are trivial for a language-aware tool to catch but invisible to a model writing PHP from training data. Without a PHP-specific check, the agent commits code that fails the project's existing CI on the next push, costing review cycles.

Running phpcs/phpcbf and phpstan as part of the same gate that already enforces ESLint, Prettier, and tsc for JavaScript/TypeScript projects gives PHP repos parity: style and trivial structure issues are autofixed and committed by the agent; unfixable lint and static-analysis errors come back in the verification result so the agent retries before the human sees the PR.

Why Models Need a PHP Static Checker

Models generate PHP that's syntactically valid against a generic grammar, not against your project's specific phpcs ruleset, return-type rules, or autoload map. A test that looks correct can fail because of namespace resolution, an unused import, a method-name convention, or a return type that doesn't match the interface. The only way to know is to run the tools the project already trusts. Benchmarks rarely run phpcs or phpstan, so model output isn't penalized for these failures during training.

How It Works

GitAuto detects phpcs by checking for phpcs.xml, phpcs.xml.dist, .phpcs.xml, or .phpcs.xml.dist. phpstan is detected by phpstan.neon, phpstan.neon.dist, or phpstan.dist.neon. If a project has neither, the PHP path is skipped silently - no false errors against repos that don't use these tools.

Tool binaries are looked up in vendor/bin/ first, then in vendor-bin/*/vendor/bin/ for projects using the bamarni/composer-bin-plugin layout (where dev tools are isolated under a separate composer bucket, often pinned to a different PHP version than the runtime). Binaries are invoked through php -d error_reporting=E_ALL&~E_DEPRECATED so PHP 8.x running PHP 7.x-era code doesn't emit deprecation noise that would corrupt JSON output.

The file-extension filter for phpcs/phpcbf includes .php and .inc, matching phpcs's documented defaults - some PHP repos hold significant source code in .inc files that would otherwise be silently skipped. phpstan is filtered to .php only, since phpstan rejects unknown extensions at the CLI argument check unless its config explicitly opts in.

phpcs and phpstan output is parsed from JSON (--report=json for phpcs, --error-format=json for phpstan) and surfaced to the agent in the same shape as ESLint and tsc results, so the same retry and self-review logic applies regardless of language.

Related Features

• Formatting - the JavaScript/TypeScript counterpart that runs Prettier
• Linting - the JavaScript/TypeScript counterpart that runs ESLint
• Type Checking - the TypeScript counterpart that runs tsc
• PHPUnit Support - runs PHP test suites in the same pipeline