Search by 
adachsoft / php-code-reader
Maintainers
v0.4.0
2026-03-31 12:25 UTC
Requires
- php: >=8.2
- adachsoft/normalized-safe-path: ^0.1.0
- nikic/php-parser: ^5.0
Requires (Dev)
- adachsoft/php-code-style: ^0.4.2
- friendsofphp/php-cs-fixer: ^3.94
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^13.0
- rector/rector: ^2.3
README
A small PHP library for static code reading without executing user code, without runtime reflection in the public API and without exposing the underlying AST structures.
Designed to read PHP source files from external repositories — classes do not need to be loaded by the current PHP process autoloader.
Requirements
- PHP >= 8.2
nikic/php-parseras runtime dependency
Installation
composer require adachsoft/php-code-reader
Quick Start
use AdachSoft\PhpCodeReader\CodeReaderFactory;
use AdachSoft\PhpCodeReader\ReadOptionsDto;
use AdachSoft\PhpCodeReader\VisibilityEnum;
$factory = new CodeReaderFactory();
// Base path defines the sandbox for readable files (must be an existing, readable directory).
// Point it to the root of the external repository you want to read.
$reader = $factory->create('/path/to/external/repo/src');
// Read all classes from a file
$fileDto = $reader->readFile('Some/Subdirectory/SomeClass.php');
// Read a single class by its fully-qualified name.
// The class does NOT need to be loaded by the autoloader — the library resolves
// FQCN to file path by scanning and parsing PHP files in the base directory.
$classFileDto = $reader->readClass('App\SomeNamespace\SomeClass');
// With options: filter by visibility and include inherited members
$options = new ReadOptionsDto(
visibilityMask: VisibilityEnum::PUBLIC->value | VisibilityEnum::PROTECTED->value,
includeInheritance: true,
);
$classFileDto = $reader->readClass('App\SomeNamespace\SomeClass', $options);
How It Works
CodeReaderFactory::create($basePath)validates and resolves the base directory. All file reads are sandboxed to this path — traversal outside it is rejected.readFile()parses the given PHP file using a static AST parser (nikic/php-parser) and returns aPhpFileDtowith all class-like structures found in it.readClass()scans all.phpfiles under the base path, builds an in-memoryFQCN → filemap using AST parsing, then delegates toreadFile(). Noclass_exists()orReflectionClassis used at any point.- When
includeInheritance: trueis set, parent classes and used traits are also resolved from the same FQCN map, enabling full inheritance merging without autoloading. - Method signatures (parameter types and return types), property types and class constant types are read from native PHP type declarations. For class types, fully-qualified class names (FQCN) are returned where possible.
Returned DTOs
| DTO | Description |
|---|---|
PhpFileDto | Top-level result: primary fqcn, filePath, namespace, and list of classes found in the file. |
PhpClassDto | Class metadata: short name, fqcn, filePath, methods, properties and class constants. |
PhpMethodDto | Method metadata: name, visibility, declaring class, static flag, parameters (names and types) and return type. |
PhpPropertyDto | Property metadata: name, visibility, declaring class, static flag and property type. |
PhpConstDto | Class constant metadata: name, visibility, declaring class and constant type. |
DTO Serialization
All public DTOs expose toArray() for stable data serialization.
The serialized payload uses snake_case keys.
Example PhpFileDto::toArray() output
[
'fqcn' => 'App\\SomeNamespace\\SomeClass',
'file_path' => '/path/to/external/repo/src/Some/Subdirectory/SomeClass.php',
'namespace' => 'App\\SomeNamespace',
'classes' => [
[
'name' => 'SomeClass',
'fqcn' => 'App\\SomeNamespace\\SomeClass',
'file_path' => '/path/to/external/repo/src/Some/Subdirectory/SomeClass.php',
'methods' => [
[
'name' => 'someMethod',
'visibility' => 'public',
'declared_in' => 'App\\SomeNamespace\\SomeClass',
'is_static' => false,
'parameters' => [
[
'name' => 'foo',
'type' => 'string',
],
[
'name' => 'bar',
// FQCN for class-typed parameters
'type' => 'App\\SomeNamespace\\SomeDependency',
],
],
// Scalar or FQCN return type, when declared
'return_type' => 'App\\SomeNamespace\\ResultDto',
],
],
'properties' => [
[
'name' => 'someProperty',
'visibility' => 'public',
'declared_in' => 'App\\SomeNamespace\\SomeClass',
'is_static' => true,
// Scalar or FQCN property type, when declared
'type' => 'int',
],
],
'constants' => [
[
'name' => 'SOME_CONST',
'visibility' => 'public',
'declared_in' => 'App\\SomeNamespace\\SomeClass',
// Scalar or FQCN constant type, when declared
'type' => 'string',
],
],
],
],
]
Notes
readClass()accepts a plainstringFQCN (without leading backslash). The class does not need to exist in the current PHP process.readFile()andreadClass()both return properties and methods.- Static metadata is included for both methods and properties.
- Types of method parameters, return types, properties and class constants are read from native type declarations when present.
- For class-typed elements, types are normalized to fully-qualified class names (FQCN) when they can be resolved from the file namespace.
- The public API never returns AST nodes.
CodeReaderinstances must be created viaCodeReaderFactory::create().- File security: symlinks and path traversal sequences that resolve outside the configured base path are rejected.