Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From drupal-dev-framework
Validates Drupal PHP, CSS, and JS against coding standards, SOLID/DRY principles, security practices before commits. Enforces Gate 1 quality gates using checklists and git diff.
npx claudepluginhub camoa/claude-skills --plugin drupal-dev-frameworkHow this skill is triggered — by the user, by Claude, or both
Slash command
/drupal-dev-framework:code-pattern-checkerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Validate code against Drupal standards and best practices.
Automatically checks code against PHPCS, ESLint, WordPress Coding Standards, or Drupal Coding Standards. Useful for code style and standards compliance questions.
Enforces Drupal 10/11 coding standards using PHPCS, PHPStan, naming conventions, validation commands, PHPDoc rules, and anti-pattern fixes. Use for code reviews, static analysis, and pre-commit checks.
Runs code quality audits, security scans, test coverage, SOLID/DRY checks, and lints for Drupal (PHPStan, PHPMD, Psalm, Semgrep, Trivy, Gitleaks) and Next.js (ESLint, Jest, Semgrep, Trivy, Gitleaks) projects.
Share bugs, ideas, or general feedback.
Validate code against Drupal standards and best practices.
Load these before checking code:
| Reference | Checks |
|---|---|
references/solid-drupal.md | SOLID principles |
references/dry-patterns.md | DRY patterns |
dev-guides: drupal/security/ | Security practices (online) |
dev-guides: drupal/sdc/ + drupal/js-development/ | CSS/JS/SDC standards (online) |
references/quality-gates.md | Gate 1 requirements |
For security and frontend checks, WebFetch from
https://camoa.github.io/dev-guides/instead of reading bundled files.
Activate when you detect:
/drupal-dev-framework:validate commandtask-completer skillThis skill enforces Gate 1: Code Standards from references/quality-gates.md.
Code CANNOT be committed until Gate 1 passes.
Ask if not clear:
Which files should I check?
1. All changed files (git diff)
2. Specific file(s)
3. All files in a component
Your choice:
Use Bash with git diff --name-only to get changed files if option 1.
Use Read on each file. For each, check:
PHP Files:
SOLID Principles (references/solid-drupal.md):
\Drupal::service() in new code (BLOCKING)DRY Check (references/dry-patterns.md):
Security (dev-guides drupal/security/):
CSS/SCSS (dev-guides drupal/sdc/ + drupal/js-development/):
!important (BLOCKING)@extend (BLOCKING)Suggest running (user executes):
# PHP CodeSniffer
ddev exec vendor/bin/phpcs --standard=Drupal,DrupalPractice {path}
# PHPStan (if configured)
ddev exec vendor/bin/phpstan analyze {path}
# SCSS Lint (if applicable)
npm run lint:scss
Format output as:
## Code Check: {file or component}
### Status: PASS / ISSUES FOUND
### Standards Check
| Check | Status | Notes |
|-------|--------|-------|
| PSR-12 | PASS | - |
| Docblocks | ISSUE | Missing on processData() |
| Type hints | PASS | - |
### SOLID Principles
| Principle | Status |
|-----------|--------|
| Single Responsibility | PASS |
| Dependency Inversion | PASS |
### Security
| Check | Status | Notes |
|-------|--------|-------|
| SQL Injection | PASS | Uses query builder |
| XSS | PASS | Output escaped |
| Access Control | ISSUE | Missing on /admin/custom route |
### DRY Check
| Issue | Location |
|-------|----------|
| Duplicate logic | lines 45-52 and 78-85 |
### Issues to Fix (Priority Order)
1. **Security**: Add access check to admin route
2. **Standards**: Add docblock to processData()
3. **DRY**: Extract duplicate logic to private method
### Recommendation
- [ ] Fix security issue before merge
- [ ] Other issues: fix now or create follow-up task
Approved for commit: NO (fix security first) / YES
For each issue, offer to help:
Issue: Missing docblock on processData()
Suggested fix:
/**
* Process the input data and return results.
*
* @param array $data
* The input data array.
*
* @return array
* The processed results.
*/
Apply this fix? (yes/no/skip)
STOP and wait for user: