Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Security Scan Results for PR

Docker Image Scan Results

Source Code Scan Results

🎉 No vulnerabilities found!

Greptile Summary

This PR upgrades PHPStan from v1.12 to v2.1, raises the analysis level to max, and expands coverage from three narrow subdirectories to all of src/, app/, bin/, and tests/. Rather than fixing 95,365 pre-existing errors upfront, a generated baseline (phpstan-baseline.neon) suppresses them, enabling incremental adoption where only new code must be type-clean. This is a well-established strategy for large PHP codebases and the implementation is sound.

Key points:

• phpstan-baseline.neon (83 K lines) uses PHPStan 2.x identifier fields for precise per-file, per-error-kind suppression — a clean snapshot at this point in time.
• The CI rename from check → analyze and the --memory-limit=1G flag are both correct and consistent.
• The app/sdks exclusion from excludePaths was silently dropped; this path is generated by the appwrite/sdk-generator dev dependency and could pollute analysis in local environments where the generator has been run.
• No composer script exists to regenerate the baseline after fixing errors, which may slow developer ergonomics over time.

Confidence Score: 4/5

• Safe to merge — CI infrastructure change with no runtime impact; two minor configuration gaps worth addressing.
• The change is entirely in dev tooling and CI; it has zero impact on production runtime. The baseline approach is correct and well-executed. The two issues flagged (missing app/sdks exclusion, no baseline-regeneration script) are low-severity and easy to address as a follow-up.
• phpstan.neon (dropped app/sdks exclusion) and composer.json (no regeneration script) deserve a quick second look before merge.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant CI as GitHub Actions
    participant Docker as composer:2.8 (Docker)
    participant PHPStan as PHPStan v2.1

    Dev->>CI: Push / open PR
    CI->>Docker: composer install --ignore-platform-reqs
    Docker-->>CI: Dependencies installed (incl. phpstan ^2.0)
    CI->>Docker: composer analyze
    Docker->>PHPStan: phpstan analyse -c phpstan.neon --memory-limit=1G
    PHPStan->>PHPStan: Load phpstan-baseline.neon (95,365 suppressed errors)
    PHPStan->>PHPStan: Analyse src/ app/ bin/ tests/ at level max
    alt No new errors
        PHPStan-->>CI: ✅ Exit 0
    else New errors found (not in baseline)
        PHPStan-->>CI: ❌ Exit 1 — new code is not clean
    end

_{Last reviewed commit: 937d949}

🔄 PHP-Retry Summary

Flaky tests detected across commits:

✨ Benchmark results

• Requests per second: 2,063
• Requests with 200 status code: 371,363
• P99 latency: 0.088831042

⚡ Benchmark Comparison