Hamburger Cross Icon
Static Analysis Configured
+
PHP Collector

Static Analysis Configured + PHP Collector

Guardrail Collector Beta Devex Build And Ci

Enforce Static Analysis Configured using data collected by PHP Collector. Automatically check devex build and ci standards on every PR.

Guardrail: Ensures a static analysis tool (PHPStan or Psalm) is configured. Static analysis catches bugs and type errors before runtime.
Data Source: Analyze PHP projects to collect Composer metadata, dependencies, tool configuration (PHPUnit, PHPStan, Psalm, PHP-CS-Fixer, PHPCS), and CI/CD command tracking. Enforce PHP-specific engineering standards.
Get Started View on GitHub

How PHP Collector Powers This Guardrail

The PHP Collector gathers metadata from your languages, build systems. This data flows into Lunar's Component JSON, where the Static Analysis Configured guardrail evaluates it against your standards.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.

1
PHP Collector Gathers Data Collector
Extracts metadata from code, configs, and tool outputs
2
{ } Component JSON
Data centralized in structured format for evaluation
3
Static Analysis Configured Checks Guardrail
Pass/fail result with actionable feedback in PRs

Quick Start Configuration

Add both the collector and policy to your lunar-config.yml to enable this guardrail.

📄 lunar-config.yml 
# Step 1: Enable the PHP Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/php@v1.0.5
    # with: ...

# Step 2: Enable the PHP Project Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/php@v1.0.5
    include: [static-analysis-configured]
    # with: ...

What PHP Collector Collects

This collector gathers the following data that the Static Analysis Configured guardrail evaluates.

Collector ci-before-command

cicd

Records every PHP command executed in CI pipelines along with the PHP runtime version. Writes command strings and version info to .lang.php.cicd for audit trails and build reproducibility analysis.

Collector ci-before-command

composer-cicd

Records every Composer command executed in CI pipelines along with the Composer version. Writes command strings and version info to .lang.php.composer.cicd for audit trails and dependency management.

Collector code

project

Analyzes PHP project structure by detecting composer.json, composer.lock, vendor directory, and tool configuration (PHPUnit, PHPStan, Psalm, PHP-CS-Fixer, PHP_CodeSniffer). Extracts the PHP version constraint. Writes PHP-level metadata to .lang.php and Composer metadata to .lang.php.composer.

Collector code

dependencies

Extracts direct and dev dependencies from composer.json. Captures package name and version constraint for each dependency. Writes the dependency list to .lang.php.dependencies.

View all 5 collectors in PHP Collector

Example Data Flow

Here's an example of the data that PHP Collector writes to the Component JSON, which Static Analysis Configured then evaluates.

{ } component.json From PHP Collector 
{
  "lang": {
    "php": {
      "version": "^8.2",
      "build_systems": ["composer"],
      "phpunit_configured": true,
      "static_analysis_configured": true,
      "static_analysis_tool": "phpstan",
      "code_style_configured": true,
      "code_style_tool": "php-cs-fixer",
      "source": { "tool": "php", "integration": "code" },
      "cicd": {
        "cmds": [
          { "cmd": "php artisan migrate", "version": "8.2.15" }
        ]
      },
      "dependencies": {
        "direct": [
          { "path": "laravel/framework", "version": "^11.0" }
        ],
        "dev": [
          { "path": "phpunit/phpunit", "version": "^11.0" }
        ],
        "source": { "tool": "composer", "integration": "code" }
      },
      "composer": {
        "json_exists": true,
        "lock_exists": true,
        "vendor_exists": false,
        "cicd": {
          "cmds": [
            { "cmd": "composer install --no-dev", "version": "2.7.1" }
          ]
        }
      }
    }
  }
}

Configuration Options

PHP Collector Inputs

Input Required Default Description

PHP Project Guardrails Inputs

Input Required Default Description
min_version Optional 8.1 Minimum required PHP version (e.g., "8.1", "8.2")
min_version_cicd Optional 8.1 Minimum required PHP CI runtime version (e.g., "8.1", "8.2")
min_composer_version Optional 2.6 Minimum required Composer version (e.g., "2.6", "2.7")

Other Guardrails Using PHP Collector

Other guardrails in PHP Project Guardrails that use data from PHP Collector.

Guardrail + PHP
Composer Json Exists

Ensures the project has a composer.json file for dependency management. Reads from...
Guardrail + PHP
Composer Lock Exists

Ensures the project has a composer.lock file for reproducible builds. Reads from...
Guardrail + PHP
Phpunit Configured

Ensures a test framework (PHPUnit) is configured for the project. Testing is essential for...
Guardrail + PHP
Code Style Configured

Ensures a code style tool (PHP-CS-Fixer or PHP_CodeSniffer) is configured. Consistent code style...
View all 8 guardrails in PHP Project Guardrails

Learn More

Guardrail · PHP Project Guardrails Static Analysis Configured View all compatible integrations
Collector PHP Collector View full documentation

Ready to Automate Your Standards?

See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process
check AI agent rules & prompt files
check Post-mortem action items
check Security & compliance policies
check Testing & quality requirements
Automate Now
Paste your AGENTS.md or manual process doc and get guardrails in minutes
Book a Demo