Drupal
AI
min read
Last update on

Code intelligence built around how Drupal actually works

Code intelligence built around how Drupal actually works
Table of contents

Introduction

Most scanners read PHP and stop there. EventHorizon reads the hooks, services, config and caching layers that decide whether a Drupal platform is healthy, and turns the discovery phase of an engagement into a visual, defensible workflow.

Every Drupal engagement opens with the same unglamorous work: understand a codebase you didn't write, find what's slow or unsafe, and work out what a version jump will break. It never ships a feature, but it sets the price of everything after it, and no one puts it on an invoice.

EventHorizon is a QED42 product that turns that phase into a guided, visual workflow. It maps dependencies, performance, security, caching and config automatically, built around how Drupal actually works rather than bolted onto a generic PHP linter. This is the whole story: the problem, how it sees your platform differently, what the engine does, who it's for, and how to get early access.

Key takeaways

  • Drupal-native, not generic. 50+ detectors understand hooks, services, render arrays, cache tags and config.
  • Your code stays yours. Static analysis runs in your engagement; AI is optional and uses your own key.
  • An afternoon, not a sprint. Onboarding, audits and upgrade planning compress from days into hours.

The problem: Drupal discovery is invisible work

A code-smell checker hands one developer a list of terminal warnings nobody reads. The real cost sits one level up, in the four stages every engagement repeats, each of which quietly burns senior time:

  • Inherit. Taking over a project means days of spreadsheet archaeology and grep before the first real decision.
  • Audit. A manual audit eats a sprint, and the findings change depending on who ran them.
  • Upgrade. A 10-to-11 jump is a leap of faith, and one hidden dependency cycle stalls the release.
  • Govern. Platform health is a feeling, and the context that matters lives in one engineer's head.
A new way of seeing your Drupal platform: the whole thing on one map, with the risk marked in red.

The idea behind EventHorizon

A new way of seeing your platform

General tools read PHP well. They stop at Drupal's own constructs, which is exactly where the risk lives. EventHorizon is built the other way round, and two commitments follow from that:

  • Your code stays yours. Static analysis runs within your engagement, never on a shared public service, and needs no AI to work. Turn AI on only when you want to, with your own key and model.
  • Built for Drupal, end to end. Every rule, metric and visualisation is written against hooks, services, config and caching, so the output reads like a senior review rather than a generic report.
EventHorizon dashboard showing an overview of stats and all of the tool options(e

The engine

Point EventHorizon at a repository and it builds the whole picture from static analysis: structure, dependencies, performance hotspots and security posture, explored visually. Three capabilities carry it.

Dependency mindmaps

An interactive, force-directed map of every module, service and hook in the codebase. See the hubs your platform leans on, spot circular dependencies, and read upgrade blast radius at a glance, before you commit a number to a migration.

Circular dependency mindmap tool
Dependency info tool

Performance & security analysis

50+ Drupal-specific static rules, caching detectors and config checks surface the issues audits exist to find, in minutes instead of weeks. Every finding is pinned to an exact file and line, so the fix is a click away from the flag, and identical no matter who runs the scan.

Performance analysis tool
Vulnerability scan tool
Caching suggestions tool

AI on your own key

When you want it, connect your own Gemini, OpenAI or Anthropic key, choose the model, and ask questions answered from your project with source attribution. Leave it off and every analysis still runs as static analysis, so nothing you didn't choose ever touches your code. The headline stays readable either way: one benchmarkable health score, codebase stats, and performance and vulnerability treemaps.

Every scan opens on the headline health, so the first thing you see is where the project stands. Illustrative representation of a demo project.

AI settings page where individuals can bring their own keys

Who it's for

The buyer is the agency delivery lead who owns the estimate and absorbs the invisible cost of discovery on every new project. The same case holds for the enterprise platform owner carrying upgrade risk across many sites. EventHorizon is built for both, and for the developers, tech leads and PMs they hand the work to.

For agencies

Win the pitch with a visual audit instead of a spreadsheet, onboard an inherited project in an afternoon, and deliver the same audit quality on every engagement because the detectors run identically whoever runs them.

For enterprises & large Drupal teams

De-risk every major upgrade and module removal before touching a line, cut the bus-factor with grounded chat on your own key, and watch one benchmarkable health score per codebase, tracked quarter over quarter. Developers and tech leads get findings pinned to file and line; PMs and clients get best-practice posture and risk in plain language.

Proven in the open

EventHorizon shows its working. The evidence is public, and it predates the product:

  • An open-source engine. The analysis core is the EventHorizon CLI, open-sourced for the Drupal community to inspect and run. Anyone can read exactly how each finding is derived before they trust it.
  • On the record. Presented at Oaisys Conf 2025: the story of building a Drupal-native analysis suite and what it surfaces on real codebases.
  • A decade of rescues. Each of the 50+ checks came out of a real QED42 rescue since 2009, a failure mode a textbook linter never learns.

Getting access

EventHorizon is launching soon, exclusively through QED42, and early access is opening in waves. Joining the waitlist puts you in line for a walkthrough on one of your own Drupal codebases, and we'll only email you about EventHorizon. If you run on Drupal and discovery keeps eating time nobody bills for, this is the shortest path to getting it back.

Join the EventHorizon waitlist →

Written by
Editor
No art workers.