Ask Claude to Write Custom PHPStan Rules for Your Codebase
PHPStan catches bugs at analysis time, but the real power comes from custom rules that enforce your team's conventions. Writing them by hand means wrestling with the AST — or you can just ask Claude.
Write a custom PHPStan rule that forbids calling $model->save()
directly inside a controller. All persistence should go through
a repository or service class. Include the PHPStan extension
config to register it.
Claude generates a complete rule class implementing the PHPStan\Rules\Rule interface, with proper node visitor logic, error messages, and the phpstan.neon config to wire it up:
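<?php
// src/PHPStan/NoDirectSaveInControllerRule.php

use PhpParser\Node;
use PhpParser\Node\Expr\MethodCall;
use PHPStan\Analyser\Scope;
use PHPStan\Rules\Rule;

class NoDirectSaveInControllerRule implements Rule
{
    public function getNodeType(): string
    {
        return MethodCall::class;
    }

    public function processNode(Node $node, Scope $scope): array
    {
        // Claude handles the AST inspection logic; an empty array reports no errors
        return [];
    }
}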
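One way the rule sketched above could be filled in, as an added example that is not code from the original post. The App\PHPStan namespace, the "class name ends in Controller" heuristic and the error identifier are assumptions; identifier() needs PHPStan 1.11 or later and str_ends_with() needs PHP 8.

```php
<?php
// Added example. Register it in phpstan.neon (namespace is an assumption):
//   rules:
//       - App\PHPStan\NoDirectSaveInControllerRule
declare(strict_types=1);

namespace App\PHPStan;

use PhpParser\Node;
use PhpParser\Node\Expr\MethodCall;
use PhpParser\Node\Identifier;
use PHPStan\Analyser\Scope;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleErrorBuilder;
use PHPStan\Type\ObjectType;

/** @implements Rule<MethodCall> */
final class NoDirectSaveInControllerRule implements Rule
{
    public function getNodeType(): string
    {
        return MethodCall::class;
    }

    public function processNode(Node $node, Scope $scope): array
    {
        // Dynamic names ($model->$method()) cannot be resolved statically; skip them.
        if (!$node->name instanceof Identifier || $node->name->toLowerString() !== 'save') {
            return [];
        }
        // Assumption: a controller is any class whose name ends in "Controller".
        $class = $scope->getClassReflection();
        if ($class === null || !str_ends_with($class->getName(), 'Controller')) {
            return [];
        }
        // Flag only receivers that are definitely Eloquent models, so save() on a
        // repository is not reported. Nullable or mixed receivers yield "maybe"
        // and are skipped here; compare against ->no() instead to be stricter.
        $model = new ObjectType('Illuminate\Database\Eloquent\Model');
        if (!$model->isSuperTypeOf($scope->getType($node->var))->yes()) {
            return [];
        }
        return [
            RuleErrorBuilder::message(sprintf(
                'Calling save() on a model in %s is forbidden; use a repository or service class.',
                $class->getName()
            ))->identifier('app.noDirectSaveInController')->build(),
        ];
    }
}
```

Because the check keys on the receiver's inferred type rather than on variable names, it only works when PHPStan can resolve the model type, which in a Laravel project generally means running it with Larastan installed.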
You can ask for Larastan-specific rules too:
Write a Larastan rule that flags any Eloquent query inside a
Blade view file. Queries should only run in controllers or
dedicated query classes.
Need to enforce naming conventions, ban specific function calls, or require certain return types? Just describe the rule in plain English and Claude writes the visitor, the tests, and the config.
Codify your team's standards into static analysis rules — Claude handles the AST complexity.