The Case for Strict PHPStan Baselines in Enterprise Codebases

Modernizing a legacy PHP application presents a paradox: you critically need strict static analysis to prevent future bugs, but turning on a tool like PHPStan immediately throws 5,000 errors, completely breaking the CI pipeline. During a recent stabilization project on an enterprise platform ( rlh-core ), we faced exactly this. The codebase had excellent business logic but was rife with missing return types, empty variable checks ( empty($message) rather than strict null checks), and loosely defined arrays. The Impossible Migration The naive approach is to halt feature development for a month and force the team to fix all 5,000 errors until PHPStan returns green. From a business perspective, this is financial suicide. The alternative is to leave PHPStan disabled, allowing the technical debt to accumulate. The "Baseline" Deployment Strategy To enforce future quality while respecting past debt, we implemented the PHPStan Baseline pattern. 1. Generating the Debt Ledger We configured PHPSt