kwtsms-wordpress/phpstan.neon at main · boxlinknet/kwtsms-wordpress · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
includes:
    - phpstan-baseline.neon
    - vendor/szepeviktor/phpstan-wordpress/extension.neon

parameters:
    level: 5
    paths:
        - includes/
        - admin/
        - wp-kwtsms.php
        - uninstall.php

    excludePaths:
        - vendor/
        - tests/ (?)

    bootstrapFiles:
        # WordPress stubs — also loaded by szepeviktor extension.neon, but
        # explicit here so our bootstrap below can safely depend on them.
        - vendor/php-stubs/wordpress-stubs/wordpress-stubs.php
        # Plugin constants (KWTSMS_OTP_DIR, KWTSMS_OTP_URL, COOKIEHASH, COOKIEPATH).
        - phpstan-bootstrap.php

    dynamicConstantNames:
        # Plugin constants — value depends on install path at runtime.
        - KWTSMS_OTP_DIR
        - KWTSMS_OTP_URL
        # COOKIEHASH is derived from siteurl at runtime.
        - COOKIEHASH

    # Suppress "ignored pattern never matched" noise for optional-dependency rules.
    reportUnmatchedIgnoredErrors: false

    ignoreErrors:
        # ── Admin view files (PHP includes in class method scope) ─────────────
        # PHP allows included files to access protected (and private) instance
        # properties when the include runs inside a class method. PHPStan
        # cannot model this correctly, so we suppress it for the admin views.
        -
            message: '#^Access to protected property KwtSMS_Admin::\$plugin\.$#'
            paths:
                - admin/views/
        # View templates are require'd inside class methods, so $this is
        # always defined at runtime. PHPStan analyses them in isolation.
        -
            message: '#^Variable \$this might not be defined\.$#'
            paths:
                - admin/views/

        # ── Intentional return; after wp_send_json_error / success ────────────
        # wp_send_json_error() calls wp_die() which never returns. PHPStan
        # (via szepeviktor extension) marks our guard return; as unreachable.
        # These returns are intentional: they prevent fallthrough in test
        # environments where wp_die() may be mocked.
        -
            message: '#^Unreachable statement - code above always terminates\.$#'
            paths:
                - includes/class-kwtsms-plugin.php
                - includes/class-kwtsms-woo.php
                - includes/integrations/class-kwtsms-woo-metabox.php
                - includes/integrations/class-kwtsms-woo-stock.php
                - admin/class-kwtsms-admin.php

        # ── View files: defensive ?? on variables injected by the caller ─────
        # These variables are set by the caller before include. PHPStan analyses
        # the view in isolation and incorrectly believes they are always set.
        # Also covers defensive guards on array shapes and isset/empty checks.
        -
            message: '#^Variable \$.+ on left side of \?\? always exists and is not nullable\.$#'
            paths:
                - includes/views/
                - admin/views/
        -
            message: '#^Offset .+ on .+ always exists and is not (nullable|falsy)\.$#'
            paths:
                - admin/views/
        -
            message: '#^Left side of && is always true\.$#'
            paths:
                - admin/views/

        # ── PHPDoc-driven type narrowing false positives ───────────────────────
        # PHPStan correctly identifies that the PHPDoc-declared type is already
        # narrow, but these checks exist as defence-in-depth runtime guards.
        - '#^Call to function is_wp_error\(\) with WP_Error will always evaluate to true\.$#'
        - '#^Call to function is_int\(\) with int will always evaluate to true\.$#'

        # ── Unused parameter intentional for DI parity ────────────────────────
        -
            message: '#^Constructor of class KwtSMS_(GravityForms|NinjaForms) has an unused parameter \$_settings\.$#'

        # ── WooCommerce (optional dependency) ──────────────────────────────────
        # WC classes and functions are only available when WooCommerce is active.
        - '#^(Class|Parameter .+ has invalid type) WC_(Order|Checkout|Session|Cart|Product|Coupon)\b#'
        - '#^Call to method .+ on an unknown class WC_(Order|Checkout|Session|Cart|Product|Coupon)\b#'
        - '#^Instantiated class WC_Coupon not found\.#'
        - '#^Function (wc_(get_order|get_product|get_customer_last_order|price|add_notice|get_order_status_name|get_cart_url|get_products|get_page_id)|get_woocommerce_currency) not found\.#'

        # ── Elementor Pro (optional dependency) ────────────────────────────────
        - '#ElementorPro#'

        # ── CF7 (optional dependency) ──────────────────────────────────────────
        - '#WPCF7_#'
        - '#^Call to function is_a\(\) with WPCF7_#'

        # ── WPForms (optional dependency) ──────────────────────────────────────
        - '#WPForms#'
        - '#wpforms_#'

        # ── Gravity Forms (optional dependency) ────────────────────────────────
        - '#GFForms|GFAPI|GF_Fields#'

        # ── Ninja Forms (optional dependency) ──────────────────────────────────
        - '#Ninja_Forms#'

        # ── Multivendor plugins (optional dependencies) ─────────────────────────
        # Dokan, WCFM, and WC Vendors are only present when the respective plugin
        # is active. method_exists guards are defensive and can never be resolved
        # statically.
        - '#WCV_Vendors#'
        - '#^Call to function method_exists\(\) with .WCV_Vendors.#'
        - '#^Call to function (dokan|wcfm)#'