CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

Code Documentation Standards

Style PHP 5.0+ Beginner
debt(d5/e3/b5/t5)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches it' (d5). The detection_hints list phpcs, phpstan, psalm, and phpdoc — these are specialist static analysis and linting tools that can catch missing docblocks or @param/@return mismatches, but they won't catch the subtler problems like outdated comments contradicting actual code or missing 'why' explanations, which require code review.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix describes writing docblocks for public API methods with @param, @return, @throws annotations — a localised but repeated effort across multiple methods. It's more than a one-line patch but doesn't require cross-cutting refactors; it's a pattern applied method by method within a codebase.

b5 Burden Structural debt — long-term weight of choosing wrong

Closest to 'persistent productivity tax' (b5). Documentation standards apply across all contexts (web, cli, queue-worker) and affect every developer on every PR. Poor standards accumulate decay over time — outdated comments, missing architecture decisions — slowing down many work streams, but they don't architecturally define the system's shape the way a core abstraction would.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception field identifies the canonical wrong belief: 'More comments means better documentation.' This is a well-known and documented gotcha — developers commonly write noise comments restating code rather than explaining why, and outdated comments are worse than none. This is a broadly understood trap that most developers eventually learn through experience.

About DEBT scoring → scored by claude-sonnet-4-6 · 2026-05-06 · reviewed by human

Also Known As

PHPDoc standards code comments documentation

TL;DR

When, what, and how to document — the right balance between self-documenting code and explicit documentation for APIs, non-obvious decisions, and complex algorithms.

Explanation

Documentation has levels: code (names, structure), inline comments (why, not what), docblocks (API contracts, @throws, complex types), README (project overview, setup, architecture), ADRs (architectural decisions), and external docs (user-facing). Anti-pattern: comments that restate the code ('increment i by 1 // i++'). Valuable comments: explain why a non-obvious approach was chosen, document known limitations, reference the issue that required a workaround, and explain complex algorithm steps.

Common Misconception

More comments means better documentation — a comment that restates the code adds noise; well-named functions and variables eliminate the need for most comments.

Why It Matters

The most valuable documentation answers 'why' — a comment explaining why a security check exists prevents future developers from removing it as 'unnecessary'.

Common Mistakes

  • Comments that describe what the code does rather than why.
  • Outdated comments that describe old behaviour after refactoring — wrong documentation is worse than none.
  • No README — the most common documentation gap in PHP projects.
  • Architecture decisions undocumented — 'why did we choose this approach?' answered by 'no idea, it was here when I joined'.

Code Examples

✗ Vulnerable 
// Comments that add zero value:
$i++; // Increment i
$users = []; // Initialize array

// Check if user is admin:
if ($user->role === 'admin') {
    // They are admin
}
✓ Fixed 
// Comments that explain why:
// Rate limit to 5 req/min per IP — prevents credential stuffing.
// See: https://security.example.com/incidents/2025-001
if ($rateLimiter->isExceeded($ip)) {
    throw new RateLimitException();
}

// Use bcrypt cost 14 not 12 — server benchmark showed negligible
// difference at 14 but makes offline dictionary attacks 4x slower.
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 14]);
Added 16 Mar 2026
Edited 11 Jun 2026
Views 46

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 0 pings W 1 ping T 0 pings F 0 pings S 0 pings S 1 ping M 0 pings T 0 pings W 0 pings T 1 ping F 1 ping S 2 pings S 3 pings M 1 ping T 1 ping W 0 pings T 1 ping F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 0 pings S 0 pings S 1 ping M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Perplexity 7 Amazonbot 7 Scrapy 7 Ahrefs 6 Google 5 Unknown AI 3 Bing 2 Claude 1 Meta AI 1
Also referenced
PHPDoc / Docblock 49 Architecture Decision Records (ADRs) 48 Missing Class Comments 38 Missing Function Comments 37
How they use it
crawler 35 crawler_json 3 pre-tracking 1
Related categories
general 3k style 2.1k
DEV INTEL Tools & Severity
🟢 Low ⚙ Fix effort: Low
⚡ Quick Fix
Write docblocks for public API methods with @param, @return, @throws — skip obvious private methods; use PHPStan generic annotations @template @psalm-type for complex types
📦 Applies To
PHP 5.0+ web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
Public methods with no docblock on complex parameters; @param mixed @return mixed hiding types; outdated docblock contradicting actual code
Auto-detectable: ✓ Yes phpcs phpstan psalm phpdoc
⚠ Related Problems
🤖 AI Agent
Confidence: Low False Positives: High ✗ Manual fix Fix: Low Context: File
✓ schema.org compliant