figlabhq/phpcs-check-fix
phpcs-check-fix/SKILL.md
Fix PHP coding style issues using PHPCS and PHPCBF. Use this skill whenever the user mentions PHPCS, code style, coding standard, cs:fix, cs:check, PHP formatting, or asks to fix/check PHP code style. Also activate when you notice PHP files have been modified and need style compliance, or when a CI PHPCS check has failed.
$ install --global
skillsauthnpx skillsauth add figlabhq/agent-skills phpcs-check-fixInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 4:11 PM26.3s1 file scanned
SKILL.md
- name:
- phpcs-check-fix
- description:
- Fix PHP coding style issues using PHPCS and PHPCBF. Use this skill whenever the user mentions PHPCS, code style, coding standard, cs:fix, cs:check, PHP formatting, or asks to fix/check PHP code style. Also activate when you notice PHP files have been modified and need style compliance, or when a CI PHPCS check has failed.
PHPCS Check and Fix
This project uses PHP CodeSniffer (PHPCS) with the FigLab Coding Standard (which extends the IxDF Coding Standard, built on PSR + Slevomat rules). The config lives in phpcs.xml at the project root.
Commands
- Auto-fix:
composer cs:fix— runs PHPCBF to automatically fix what it can - Check:
composer cs:check— runs PHPCS to report remaining violations
Workflow
Follow this exact sequence:
-
Run
composer cs:fixto auto-fix as many issues as possible. This handles spacing, bracket placement, import ordering, and other mechanical fixes. -
Run
composer cs:checkto see what remains. Parse the output carefully — it shows the file path, line number, error type, and the sniff name (e.g.,SlevomatCodingStandard.Complexity.Cognitive.ComplexityTooHigh). -
Fix remaining issues manually, one by one. The approach depends on the violation type — see the section below.
-
Re-run
composer cs:checkafter manual fixes to confirm everything passes. If new issues appear, fix those too.
Handling Common Remaining Issues
After composer cs:fix, these are the violations that typically need manual attention:
Cognitive Complexity (SlevomatCodingStandard.Complexity.Cognitive.ComplexityTooHigh)
The project has a warning threshold of 7 and an error threshold of 10.
- If the method is only slightly over the threshold (e.g., complexity 8-11 on a method that's inherently branchy), add an inline ignore directive on the line above the method declaration:
// phpcs:ignore SlevomatCodingStandard.Complexity.Cognitive.ComplexityTooHigh
public function handleComplexScenario(): void
{
// ...
}
- If the method is significantly over (complexity 12+), consider refactoring: extract helper methods, use early returns, or simplify conditional logic. Only add the ignore directive if refactoring would make the code less readable.
Missing Type Hints
Add proper PHP type declarations. Use union types (string|int) or nullable types (?string) where appropriate. For arrays, add PHPDoc with array shape when the structure is known:
/** @param array{name: string, email: string} $data */
public function process(array $data): void
Function/Class Length
If a function or class is too long, look for opportunities to extract methods or break the class into smaller focused classes. For test files, these rules are already excluded in phpcs.xml.
Unused Function Parameters
Already excluded for Policy classes and factories in phpcs.xml. For other files, either use the parameter or prefix with underscore if it's required by a parent signature.
Line Length
The limit is 160 characters (absolute max 200). Break long lines at logical points — method chains, array entries, or string concatenation.
Scoping to Specific Files
When you only changed a few files, you can target the check to just those files instead of the entire project:
vendor/bin/phpcs --standard=phpcs.xml path/to/File.php
vendor/bin/phpcbf --standard=phpcs.xml path/to/File.php
This is faster than running the full project scan. Use this when fixing style issues in files you've just edited.
CI Integration
The GitHub Actions workflow (.github/workflows/phpcs.yml) runs on every push:
- Auto-fixes with
composer cs:fixand commits the result - Runs
composer cs:check— failures show as annotations in the PR
So if you fix everything locally, CI will pass cleanly.
Related Skills
figlabhq/owasp-security
development
VerifiedTrustedCommunity
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
4SKILL.mdUpdated May 27, 2026
figlabhq/code-convention
development
VerifiedTrustedCommunity
Apply battle-tested code conventions when writing or modifying code in Laravel/PHP projects (with React/TypeScript frontend support). Use this skill whenever the user is writing a new feature, refactoring existing code, creating a controller/action/migration/model/test, or asks 'how should I structure this', 'what's the convention for X', 'is this the right pattern'. Also use proactively before producing non-trivial code so the output follows conventions the first time instead of needing rewrites.
4SKILL.mdUpdated May 27, 2026
figlabhq/research
development
VerifiedTrustedCommunity
Deep research before planning. Launches parallel agents to search docs, web, and codebase, then synthesizes findings into actionable context.
2SKILL.mdUpdated Apr 25, 2026
figlabhq/refine-tests
testing
VerifiedTrustedCommunity
Critically review and refine tests generated during a coding session. Use this skill when the user asks to review tests, clean up tests, refine tests, prune tests, improve test quality, or remove useless/low-value tests. Also use when the user says 'review my tests', 'clean up tests', or mentions test quality after a coding session.
2SKILL.mdUpdated Apr 25, 2026