wp-phpstan
Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.
Best use case
wp-phpstan is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.
Teams using wp-phpstan should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/wp-phpstan/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How wp-phpstan Compares
| Feature / Agent | wp-phpstan | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when configuring, running, or fixing PHPStan static analysis in WordPress projects (plugins/themes/sites): phpstan.neon setup, baselines, WordPress-specific typing, and handling third-party plugin classes.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# WP PHPStan ## When to use Use this skill when working on PHPStan in a WordPress codebase, for example: - setting up or updating `phpstan.neon` / `phpstan.neon.dist` - generating or updating `phpstan-baseline.neon` - fixing PHPStan errors via WordPress-friendly PHPDoc (REST requests, hooks, query results) - handling third-party plugin/theme classes safely (stubs/autoload/targeted ignores) ## Inputs required - `wp-project-triage` output (run first if you haven't) - Whether adding/updating Composer dev dependencies is allowed (stubs). - Whether changing the baseline is allowed for this task. ## Procedure ### 0) Discover PHPStan entrypoints (deterministic) 1. Inspect PHPStan setup (config, baseline, scripts): - `node skills/wp-phpstan/scripts/phpstan_inspect.mjs` Prefer the repo’s existing `composer` script (e.g. `composer run phpstan`) when present. ### 1) Ensure WordPress core stubs are loaded `szepeviktor/phpstan-wordpress` or `php-stubs/wordpress-stubs` are effectively required for most WordPress plugin/theme repos. Without it, expect a high volume of errors about unknown WordPress core functions. - Confirm the package is installed (see `composer.dependencies` in the inspect report). - Ensure the PHPStan config references the stubs (see `references/third-party-classes.md`). ### 2) Ensure a sane `phpstan.neon` for WordPress projects - Keep `paths` focused on first-party code (plugin/theme directories). - Exclude generated and vendored code (`vendor/`, `node_modules/`, build artifacts, tests unless explicitly analyzed). - Keep `ignoreErrors` entries narrow and documented. See: - `references/configuration.md` ### 3) Fix errors with WordPress-specific typing (preferred) Prefer correcting types over ignoring errors. Common WP patterns that need help: - REST endpoints: type request parameters using `WP_REST_Request<...>` - Hook callbacks: add accurate `@param` types for callback args - Database results and iterables: use array shapes or object shapes for query results - Action Scheduler: type `$args` array shapes for job callbacks See: - `references/wordpress-annotations.md` ### 4) Handle third-party plugin/theme classes (only when needed) When integrating with plugins/themes not present in the analysis environment: - First, confirm the dependency is real (installed/required). - Prefer plugin-specific stubs already used in the repo (common examples: `php-stubs/woocommerce-stubs`, `php-stubs/acf-pro-stubs`). - If PHPStan still cannot resolve classes, add targeted `ignoreErrors` patterns for the specific vendor prefix. See: - `references/third-party-classes.md` ### 5) Baseline management (use as a migration tool, not a trash bin) - Generate a baseline once for legacy code, then reduce it over time. - Do not “baseline” newly introduced errors. See: - `references/configuration.md` ## Verification - Run PHPStan using the discovered command (`composer run ...` or `vendor/bin/phpstan analyse`). - Confirm the baseline file (if used) is included and didn’t grow unexpectedly. - Re-run after changing `ignoreErrors` to ensure patterns are not masking unrelated issues. ## Failure modes / debugging - “Class not found”: - confirm autoloading/stubs, or add a narrow ignore pattern - Huge error counts after enabling PHPStan: - reduce `paths`, add `excludePaths`, start at a lower level, then ratchet up - Inconsistent types around hooks / REST params: - add explicit PHPDoc (see references) rather than runtime guards ## Escalation - If a type depends on a third-party plugin API you can’t confirm, ask for the dependency version or source before inventing types. - If fixing requires adding new Composer dependencies (stubs/extensions), confirm it with the user first.
Related Skills
use-zod
Answer questions about the Zod schema validation library and help build schemas, parsers, refinements, transforms, codecs, and error formatters. Use when developers: (1) ask about Zod APIs like `z.object`, `z.string`, `z.array`, `z.union`, `z.discriminatedUnion`, `parse`, `safeParse`, `z.infer`; (2) define request/response/form schemas in TypeScript; (3) handle `ZodError` or customize error messages; (4) migrate between Zod v3 and v4 (entry-point split, `formatError` → `treeifyError`/`prettifyError`, unified `error` param replacing `message`/`errorMap`). Triggers on: "zod", "z.object", "z.string", "z.array", "z.union", "z.infer", "z.input", "z.output", "ZodError", "$ZodError", "safeParse", "parseAsync", "z.codec", "treeifyError", "prettifyError", "flattenError", "discriminatedUnion", "zod/v4", "zod/v3", "zod/mini", "z.coerce", "superRefine".
workflow
Creates durable, resumable workflows using Vercel's Workflow SDK. Use when building workflows that need to survive restarts, pause for external events, retry on failure, or coordinate multi-step operations over time. Triggers on mentions of "workflow", "durable functions", "resumable", "workflow sdk", "queue", "event", "push", "subscribe", or step-based orchestration.
wpds
Use when building UIs leveraging the WordPress Design System (WPDS) and its components, tokens, patterns, etc.
wp-wpcli-and-ops
Use when working with WP-CLI (wp) for WordPress operations: safe search-replace, db export/import, plugin/theme/user/content management, cron, cache flushing, multisite, and scripting/automation with wp-cli.yml.
wp-rest-api
Use when building, extending, or debugging WordPress REST API endpoints/routes: register_rest_route, WP_REST_Controller/controller classes, schema/argument validation, permission_callback/authentication, response shaping, register_rest_field/register_meta, or exposing CPTs/taxonomies via show_in_rest.
wp-project-triage
Use when you need a deterministic inspection of a WordPress repository (plugin/theme/block theme/WP core/Gutenberg/full site) including tooling/tests/version hints, and a structured JSON report to guide workflows and guardrails.
wp-plugin-development
Use when developing WordPress plugins: architecture and hooks, activation/deactivation/uninstall, admin UI and Settings API, data storage, cron/tasks, security (nonces/capabilities/sanitization/escaping), and release packaging.
wp-playground
Use for WordPress Playground workflows: fast disposable WP instances in the browser or locally via @wp-playground/cli (server, run-blueprint, build-snapshot), auto-mounting plugins/themes, switching WP/PHP versions, blueprints, and debugging (Xdebug).
wp-performance
Use when investigating or improving WordPress performance (backend-only agent): profiling and measurement (WP-CLI profile/doctor, Server-Timing, Query Monitor via REST headers), database/query optimization, autoloaded options, object caching, cron, HTTP API calls, and safe verification.
wp-block-development
Use when developing WordPress (Gutenberg) blocks: block.json metadata, register_block_type(_from_metadata), attributes/serialization, supports, dynamic rendering (render.php/render_callback), deprecations/migrations, viewScript vs viewScriptModule, and @wordpress/scripts/@wordpress/create-block build and test workflows.
wp-abilities-api
Use when working with the WordPress Abilities API (wp_register_ability, wp_register_ability_category, /wp-json/wp-abilities/v1/*, @wordpress/abilities) including defining abilities, categories, meta, REST exposure, and permissions checks for clients.
wordpress-router
Use when the user asks about WordPress codebases (plugins, themes, block themes, Gutenberg blocks, WP core checkouts) and you need to quickly classify the repo and route to the correct workflow/skill (blocks, theme.json, REST API, WP-CLI, performance, security, testing, release packaging).