@outcomeeng/spx 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -29,7 +29,9 @@ npm install -g @outcomeeng/spx
29
29
  git clone https://github.com/outcomeeng/spx.git
30
30
  cd spx
31
31
  pnpm install && pnpm run build
32
- pnpm link --global
32
+ pnpm add -g . # `pnpm link --global` was removed in pnpm 11
33
+ # first run on a machine: if `pnpm add -g .` fails with a global-bin-directory error,
34
+ # run `pnpm setup`, restart your shell, then re-run `pnpm add -g .`
33
35
  ```
34
36
 
35
37
  ## Usage
@@ -110,7 +112,8 @@ git clone https://github.com/outcomeeng/spx.git
110
112
  cd spx
111
113
  pnpm install
112
114
  pnpm run build
113
- pnpm link --global # Optional: makes 'spx' available in your shell
115
+ pnpm add -g . # optional: makes 'spx' available in your shell (`pnpm link --global` was removed in pnpm 11)
116
+ # if `pnpm add -g .` fails with a global-bin-directory error, run `pnpm setup`, restart your shell, then re-run it
114
117
  ```
115
118
 
116
119
  ### Build and Test
@@ -148,6 +151,18 @@ pnpm run validate:published # Packaged executable validation; requires dist/cl
148
151
 
149
152
  `pnpm run publish:check` is the required pre-publish gate. It runs source validation, builds `dist/`, runs the test suite, and then runs `node bin/spx.js validation all --scope production` against the built executable.
150
153
 
154
+ ### Code Quality (SonarCloud)
155
+
156
+ SonarCloud analyzes the repository through server-side [automatic analysis](https://docs.sonarsource.com/sonarcloud/advanced-setup/automatic-analysis/) on every push to `main` and every pull request, so there is no analysis step in the GitHub Actions workflows. The `.sonarcloud.properties` file at the repository root is its only required artifact; it pins the Python analysis target for the single Python test fixture so analysis does not warn about defaulting to all Python 3 versions.
157
+
158
+ `.mcp.json` registers a SonarQube MCP server so agents can query the project's findings — quality gate, issues, coverage, duplication, and dependency risks. It complements the `sonarqube@claude-plugins-official` plugin enabled in `.claude/settings.json`: the plugin supplies the SonarQube skills (`/sonar-quality-gate`, `/sonar-analyze`, `/sonar-coverage`, `/sonar-duplication`, `/sonar-dependency-risks`), and this MCP server gives those skills and any MCP-aware agent access to the project's SonarCloud data — the two are complementary, not alternatives. To activate it, install the [`sonar` CLI](https://cli.sonarqube.com) from SonarSource's official instructions onto `PATH`, ensure a container runtime (Docker, Podman, or Nerdctl) is running — `sonar run mcp` starts the server in a container — and authenticate to the `outcomeeng` SonarCloud organization:
159
+
160
+ ```bash
161
+ sonar auth login -o outcomeeng # opens a browser; the token is stored in the OS keychain
162
+ ```
163
+
164
+ Until then the MCP server entry is inert: it does not affect builds, tests, or validation.
165
+
151
166
  ## CI/CD
152
167
 
153
168
  The project uses GitHub Actions for continuous integration and publishing: