# PHPStan

> CodeRabbit's guide to PHPStan.

[PHPStan](https://phpstan.org/) is a static analysis tool for PHP.

## Files

PHPStan will run on files with the following extensions:

* `.php`

## Configuration

PHPStan supports the following config files:

* `phpstan.neon`
* `phpstan.neon.dist`
* `phpstan.dist.neon`

If no PHPStan config file is found, CodeRabbit writes a temporary config based on the selected review profile.

## What CodeRabbit runs

PHPStan runs in a sandbox, using the project config if one is present. When a project config is present, we parse and validate it before execution.

## Security policy and restrictions

* We reject `phpstan.neon`/`phpstan.neon.dist` files that declare `bootstrapFile` or `bootstrapFiles`, to prevent executing arbitrary project bootstrap code.
* Blocked configuration keys include:
  * `bootstrapFiles`
  * `bootstrapFile`

## When we skip PHPStan

CodeRabbit will skip running PHPStan when:

* The config file does not contain a `paths:` parameter.
* The config contains `bootstrapFile` or `bootstrapFiles`.
* PHPStan is already running in GitHub workflows.
* Config parsing fails or appears unsafe.
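
A local pre-flight check for the skip conditions above that can be read from the config file itself (a blocked bootstrap key, a missing `paths:` parameter), added here as an example; it is not CodeRabbit's implementation. The function names, the line-based NEON scan and the sample configs are assumptions, and the scan neither follows `includes:` nor checks where in the file `paths` is nested.

```python
import re

# Keys named on this page: the two blocked ones, plus `paths` (absence = skip).
# Matches block form (`key:`), inline form (`{key: ...}`, `key=`) and quoted keys.
KEY_RE = re.compile(r"""(?<![\w.-])(bootstrapFiles?|paths)["']?\s*[:=]""")

def strip_comment(line):
    """Cut a NEON `#` comment; a `#` inside quotes does not start one."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i]
    return line

def preflight(neon_text):
    """Return the documented skip conditions this config text matches."""
    # Fails closed: a blocked key name inside a string value is also flagged.
    seen = set()
    for line in neon_text.splitlines():
        seen.update(KEY_RE.findall(strip_comment(line)))
    reasons = [f"declares blocked key `{k}`"
               for k in ("bootstrapFile", "bootstrapFiles") if k in seen]
    if "paths" not in seen:
        reasons.append("no `paths:` parameter")
    return reasons

# Constructed sample configs, not taken from any real project.
SAFE = """\
parameters:
    level: 6
    paths:
        - src
    # bootstrapFiles: [tools/bootstrap.php]
"""
UNSAFE = """\
parameters:
    level: 6
    bootstrapFiles:
        - tests/bootstrap.php
"""
INLINE = 'parameters: {paths: [src], bootstrapFile: "boot.php"}'

if __name__ == "__main__":
    for name, cfg in (("SAFE", SAFE), ("UNSAFE", UNSAFE), ("INLINE", INLINE)):
        print(name, preflight(cfg) or "no skip condition found")
```

An empty result only means none of the file-level conditions matched; the workflow and parse-failure conditions are outside what a config scan can see.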

## Links

* [PHPStan Configuration](https://phpstan.org/config-reference)
