Hihaho PHPStan rules

A set of PHPStan rules that enforce Hihaho's Laravel guidelines at analyse time. They flag invade() calls in app code, facade aliases outside Blade, and stray debug helpers (dump, dd, ray, and friends) left behind in production or test paths.

If you want the auto-fix counterparts for class-naming and route-group conventions, see hihaho/rector-rules.

Requirements

PHP 8.3 or higher
PHPStan 2.1 or higher
Laravel 11.31, 12.x, or 13.x (via illuminate/support)

Installation

composer require --dev hihaho/phpstan-rules

If you have phpstan/extension-installer, that's it. The rules register themselves.

Without it, include the extension in your phpstan.neon:

includes:
    - vendor/hihaho/phpstan-rules/extension.neon

Rules

`NoInvadeInAppCode`

Flags invade() calls inside App\. invade is a test helper for reaching into private state; it has no place in production code. Also flags \Livewire\invade() in any namespace; if you need invade, use the global one from spatie/invade.

namespace App\Services;

invade($user)->privateMethod(); // reported

Identifiers: hihaho.generic.noInvadeInAppCode, hihaho.generic.disallowedUsageOfLivewireInvade

`OnlyAllowFacadeAliasInBlade`

Short facade aliases belong in Blade. In PHP, use the fully qualified facade so imports stay explicit.

use Route;                            // reported
use Illuminate\Support\Facades\Route; // fine

Identifier: hihaho.generic.onlyAllowFacadeAliasInBlade

Debug rules

Three rules that together keep debug calls out of App\ and Tests\:

Rule	Targets	Examples
`NoDebugInNamespaceRule`	Global debug functions	`dump()`, `dd()`, `ddd()`, `ray()`, `print_r()`, `var_dump()`
`ChainedNoDebugInNamespaceRule`	Method chains on Laravel types	`collect()->dump()`, `$builder->dd()`
`StaticChainedNoDebugInNamespaceRule`	Static calls on Laravel facades	`Http::dump()`, `Cache::dd()`

The chained and static rules use PHPStan reflection to narrow matches: they only flag methods declared by (or proxied through) the Illuminate\ namespace, so your own domain classes with a ->dump() method stay clean.

Identifiers: hihaho.debug.noDebugIn{App,Tests}, hihaho.debug.noChainedDebugIn{App,Tests}, hihaho.debug.noStaticChainedDebugIn{App,Tests}

Testing

composer test

Before opening a PR, run the full pipeline (Pint, Rector, PHPStan, tests):

composer qa

Changelog

See CHANGELOG.md for release notes.

Contributing

See CONTRIBUTING.md.

Security

Please email security@hihaho.com instead of filing a public issue.

Credits

License

MIT. See LICENSE.md.

Name		Name	Last commit message	Last commit date
Latest commit History 114 Commits
.ai		.ai
.cache		.cache
.claude		.claude
.github		.github
src		src
tests/Rules		tests/Rules
.editorconfig		.editorconfig
.gitattributes		.gitattributes
.gitignore		.gitignore
.mcp.json		.mcp.json
AGENTS.md		AGENTS.md
CHANGELOG.md		CHANGELOG.md
CLAUDE.md		CLAUDE.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.md		LICENSE.md
README.md		README.md
UPGRADING.md		UPGRADING.md
composer.json		composer.json
extension.neon		extension.neon
phpstan-baseline.neon		phpstan-baseline.neon
phpstan.neon.dist		phpstan.neon.dist
phpunit.xml.dist		phpunit.xml.dist
pint.json		pint.json
rector.php		rector.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Hihaho PHPStan rules

Requirements

Installation

Rules

`NoInvadeInAppCode`

`OnlyAllowFacadeAliasInBlade`

Debug rules

Testing

Changelog

Contributing

Security

Credits

License

About

Uh oh!

Releases 11

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Hihaho PHPStan rules

Requirements

Installation

Rules

NoInvadeInAppCode

OnlyAllowFacadeAliasInBlade

Debug rules

Testing

Changelog

Contributing

Security

Credits

License

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 11

Uh oh!

Contributors

Uh oh!

Languages

`NoInvadeInAppCode`

`OnlyAllowFacadeAliasInBlade`