PHP lint: POST {code}, get the bugs back with line numbers. Deterministic static analysis — code is never executed, no AI. Catches SQL injection (request data interpolated into query strings), the removed mysql_* API, unbalanced braces, '+' string concat, = vs == in conditions, type-juggling loose comparisons, eval/extract on request data, unused variables, leftover var_dump. Understands PHP tags, heredocs, interpolation. Max 128 KB.