
URL: https://deepwiki.com/auth0/wordpress/4.3-code-quality-tools


Code Quality Tools

Purpose and Scope

This document covers the code quality assurance tools integrated into the Auth0 WordPress plugin development workflow. These tools enforce code standards, detect potential bugs through static analysis, and automate refactoring tasks. The focus is on PHPStan, Psalm, PHP-CS-Fixer, and Rector, along with the composite test command that orchestrates all quality checks.

For information about the testing framework (Pest), see Testing Framework. For details about the build process that packages the plugin for distribution, see Build and Packaging.


Quality Tools Overview

The plugin integrates four primary code quality tools, each serving a distinct purpose in the development workflow:

| Tool | Purpose | Composer Script |
| --- | --- | --- |
| PHPStan | Static type analysis with strict rules and WordPress-specific checks | composer phpstan |
| Psalm | Alternative static analysis with auto-fixing capabilities | composer psalm |
| PHP-CS-Fixer | Code style enforcement and automatic formatting | composer phpcs |
| Rector | Automated refactoring and code modernization | composer rector |

All tools can be executed together using the composite command: composer test

Sources: composer.json:42-59, composer.json:97-117


Development Workflow Integration

The quality tools are integrated at multiple stages of the development process, from local development through continuous integration:


Sources: composer.json:97-117


Static Analysis: PHPStan

PHPStan provides static type analysis for PHP code, catching type errors, undefined variables, and incorrect method calls before runtime. The plugin uses PHPStan with strict rules and WordPress-specific extensions.

PHPStan Configuration

The plugin includes three PHPStan-related packages:

  • phpstan/phpstan - Core static analyzer
  • phpstan/phpstan-strict-rules - Additional strict type checking rules
  • szepeviktor/phpstan-wordpress - WordPress-specific PHPStan extensions for understanding WordPress core functions and hooks

Running PHPStan


The phpstan script executes: @php vendor/bin/phpstan analyze (composer.json:105)

PHPStan analyzes the src/ directory and reports:

  • Type mismatches and incorrect type hints
  • Calls to undefined methods or properties
  • Unreachable code and dead code paths
  • WordPress-specific issues (incorrect hook usage, deprecated functions)

Sources: composer.json:51-52, composer.json:56, composer.json:105


Static Analysis: Psalm

Psalm is an alternative static analysis tool that provides similar functionality to PHPStan but with different heuristics and capabilities. The plugin uses both tools to maximize error detection coverage.

Psalm Capabilities

Psalm offers:

  • Type inference and checking
  • Taint analysis for security vulnerabilities
  • Auto-fixing capabilities via Psalter

Running Psalm


The Psalm scripts (composer.json:106-107):

  • psalm: @php vendor/bin/psalm
  • psalm:fix: @php vendor/bin/psalter --issues=all

The psalm:fix command automatically applies fixes for issues that Psalm can resolve, such as adding missing type declarations or correcting incorrect type hints.

Sources: composer.json:57, composer.json:106-107


Code Style Enforcement: PHP-CS-Fixer

PHP-CS-Fixer enforces consistent code style across the codebase by automatically formatting code according to defined rules. This ensures all contributors follow the same coding standards.

PHP-CS-Fixer Usage


The PHP-CS-Fixer scripts (composer.json:103-104):

  • phpcs: @php vendor/bin/php-cs-fixer fix --dry-run --diff - Shows what would be changed without modifying files
  • phpcs:fix: @php vendor/bin/php-cs-fixer fix - Applies formatting changes

The --diff flag displays exactly what changes would be made, making it easy to review style violations before committing.

Configuration

PHP-CS-Fixer reads its configuration from .php-cs-fixer.php or .php-cs-fixer.dist.php in the project root (not shown in provided files). This configuration defines:

  • PSR-12 compliance rules
  • Additional WordPress-specific formatting
  • File and directory exclusions

Sources: composer.json:46, composer.json:103-104


Refactoring Tools: Rector

Rector performs automated refactoring and code modernization, enabling safe large-scale code transformations. It can upgrade code to use newer PHP features, apply design patterns, and enforce architectural rules.

Rector Configuration

The plugin pins Rector to version 0.17.0 (composer.json:54) to ensure consistent behavior across environments.

Running Rector


The Rector scripts (composer.json:108-109):

  • rector: @php vendor/bin/rector process src --dry-run - Shows potential refactorings without applying them
  • rector:fix: @php vendor/bin/rector process src - Applies refactoring transformations

Rector analyzes only the src/ directory, focusing on the plugin's source code rather than vendor dependencies or tests.

Rector Capabilities

Rector can:

  • Upgrade PHP syntax to use modern features
  • Apply type declarations based on docblocks
  • Refactor deprecated function calls
  • Enforce architectural patterns

Sources: composer.json:54, composer.json:108-109


Composite Test Command

The test script is a single command that executes all quality checks in sequence:


Execution Flow

The composite command runs tools in this order (composer.json:110-116):


If any tool fails, the remaining checks are not executed. This fail-fast approach ensures developers address issues immediately.

Composite Command Definition

composer.json:110-116:


The test command orchestrates all quality assurance checks, making it the primary validation command for CI/CD pipelines and pre-commit hooks.

Sources: composer.json:110-116


Tool Configuration Files

Each quality tool reads its configuration from dedicated files in the project root:

| Tool | Configuration File | Purpose |
| --- | --- | --- |
| PHPStan | phpstan.neon or phpstan.neon.dist | Analysis rules, ignored paths, WordPress stubs |
| Psalm | psalm.xml or psalm.xml.dist | Error levels, plugin configuration, source paths |
| PHP-CS-Fixer | .php-cs-fixer.php or .php-cs-fixer.dist.php | Coding style rules, file finders |
| Rector | rector.php | Refactoring rules, PHP version targets |
| PHPUnit/Pest | phpunit.xml.dist | Test configuration (see Testing Framework) |

The phpunit.xml.dist file (phpunit.xml.dist:1-26) defines code coverage reporting and test source directories:


Sources: phpunit.xml.dist:1-26


Quality Tool Dependencies

The following diagram shows the development dependencies that provide quality assurance capabilities:


Sources: composer.json:42-59


Command Reference

Quick Reference Table

| Command | Script | Dry Run | Purpose |
| --- | --- | --- | --- |
| composer test | Composite | N/A | Run all quality checks |
| composer pest | composer.json:99 | No | Execute unit tests |
| composer phpstan | composer.json:105 | Yes | Analyze with PHPStan |
| composer psalm | composer.json:106 | Yes | Analyze with Psalm |
| composer psalm:fix | composer.json:107 | No | Auto-fix Psalm issues |
| composer rector | composer.json:108 | Yes | Check refactoring |
| composer rector:fix | composer.json:109 | No | Apply refactoring |
| composer phpcs | composer.json:103 | Yes | Check code style |
| composer phpcs:fix | composer.json:104 | No | Fix code style |

Direct Execution

All tools can be executed directly via their binaries in vendor/bin/:


Sources: composer.json:97-117


Integration with CI/CD

The composer test command is designed for continuous integration pipelines. Its fail-fast behavior and comprehensive validation make it suitable for:

  • Pre-commit hooks (via git hooks)
  • Pull request validation
  • Automated build pipelines
  • Release verification

The command's zero-configuration execution (all settings in composer.json and dedicated config files) ensures consistent behavior across development, CI, and production environments.

Sources: composer.json:110-116


Best Practices

Local Development Workflow

  1. Before committing:

    
    
  2. During development:

    • Run individual tools for faster feedback
    • Use dry-run modes to preview changes
    • Fix issues incrementally rather than in bulk
  3. Before pushing:

    • Always run composer test to ensure all checks pass
    • Review Rector suggestions for potential improvements
    • Ensure PHPStan and Psalm report no errors
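
A fail-fast pre-commit gate for the workflow above, as an added example (not code from the auth0/wordpress repository): it runs the Composer scripts that do not rewrite source files, stops at the first failure, and refuses any :fix script. The check order follows the Tool Precedence section rather than the project's own composer test definition, and RUNNER, QUALITY_SCRIPTS and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-fast pre-commit gate built on the Composer script
# names listed on this page. The order is an assumption taken from the
# "Tool Precedence" list, not from the project's composer.json.

# Only scripts that do not rewrite source files; the *:fix variants
# (psalm:fix, rector:fix, phpcs:fix) must not run unattended in a hook.
QUALITY_SCRIPTS="pest phpstan psalm rector phpcs"

# Hypothetical knob: the command that receives each script name.
# Defaults to composer; overridable so the gate can be exercised offline.
RUNNER="${RUNNER:-composer}"

# Name of the script that stopped the run (empty when everything passed).
FAILED_CHECK=""

# Succeeds only for scripts that leave the working tree untouched.
is_read_only() {
    case "$1" in
        *:fix) return 1 ;;
        *)     return 0 ;;
    esac
}

# Runs each check in order. Returns 0 if all pass, 1 on the first failing
# check, 2 if a mutating script was configured. Later checks are skipped.
run_quality_checks() {
    FAILED_CHECK=""
    for script in $QUALITY_SCRIPTS; do
        if ! is_read_only "$script"; then
            FAILED_CHECK="$script"
            echo "refusing to run mutating script: $script" >&2
            return 2
        fi
        echo "==> $RUNNER $script" >&2
        if ! "$RUNNER" "$script"; then
            FAILED_CHECK="$script"
            echo "check failed: $script (later checks skipped)" >&2
            return 1
        fi
    done
    return 0
}

# Act as the hook only when installed as .git/hooks/pre-commit.
case "$0" in
    */pre-commit) run_quality_checks || exit 1 ;;
esac
```

Saved as .git/hooks/pre-commit and made executable, a non-zero exit from any check blocks the commit.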

Tool Precedence

When tools report conflicting issues:

  1. Fix Pest test failures first (functional correctness)
  2. Address PHPStan/Psalm errors (type safety)
  3. Apply Rector suggestions (code quality)
  4. Fix PHP-CS-Fixer style issues last (cosmetic)

Sources: composer.json:110-116