opencode-sonarqube 0.2.0 → 0.2.2

package/README.md

@@ -85,36 +85,46 @@ Add these to your `~/.zshrc` or `~/.bashrc` to make them permanent.
 
 ## Configuration
 
-### Using the Configuration Script
+### Environment Variables (Required)
+
+Add these to your `~/.zshrc` or `~/.bashrc`:
 
 ```bash
-./scripts/configure.sh
+export SONAR_HOST_URL="https://your-sonarqube-server.com"
+export SONAR_USER="admin"
+export SONAR_PASSWORD="your-password"
 ```
 
-This interactive script allows you to:
-- Update SonarQube URL
-- Change credentials
-- Test connection
-- Reset project state
-
-### Environment Variables (Required)
-
-| Variable | Description |
-|----------|-------------|
-| `SONAR_HOST_URL` | SonarQube server URL (e.g., `https://sonarqube.example.com`) |
-| `SONAR_USER` | Username for authentication |
-| `SONAR_PASSWORD` | Password for authentication |
+### Plugin Configuration (Optional)
 
-### Default Behavior
+Create `.sonarqube/config.json` in your project root:
 
-The plugin uses these defaults (configurable in future versions):
+```json
+{
+  "level": "enterprise",
+  "autoAnalyze": true,
+  "autoFix": false,
+  "sources": "src",
+  "tests": "tests",
+  "exclusions": "**/node_modules/**,**/dist/**",
+  "newCodeDefinition": "previous_version"
+}
+```
 
-| Setting | Default | Description |
-|---------|---------|-------------|
-| Level | `enterprise` | Strictest quality requirements |
-| Auto-Analyze | `true` | Analyze when AI becomes idle |
-| Auto-Fix | `false` | Don't auto-fix issues |
-| Sources | `src` | Source directory |
+### All Configuration Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `level` | `"enterprise"` \| `"standard"` \| `"relaxed"` \| `"off"` | `"enterprise"` | Analysis strictness level |
+| `autoAnalyze` | `boolean` | `true` | Auto-analyze when AI becomes idle |
+| `autoFix` | `boolean` | `false` | Automatically attempt to fix issues |
+| `projectKey` | `string` | auto | SonarQube project key (auto-generated from package.json or directory) |
+| `projectName` | `string` | auto | Display name on SonarQube |
+| `qualityGate` | `string` | `"Sonar way"` | Quality gate to use |
+| `newCodeDefinition` | `"previous_version"` \| `"number_of_days"` \| `"reference_branch"` \| `"specific_analysis"` | `"previous_version"` | How to define 'new code' |
+| `sources` | `string` | `"src"` | Source directories (comma-separated) |
+| `tests` | `string` | - | Test directories (comma-separated) |
+| `exclusions` | `string` | - | File exclusion patterns (glob) |
 
 ### Strictness Levels
 
@@ -125,6 +135,34 @@ The plugin uses these defaults (configurable in future versions):
 | `relaxed` | Only blocker/critical, blocks on blocker |
 | `off` | Plugin disabled |
 
+### Example Configurations
+
+**Enterprise (strictest)**:
+```json
+{
+  "level": "enterprise",
+  "autoAnalyze": true,
+  "autoFix": false
+}
+```
+
+**Standard (balanced)**:
+```json
+{
+  "level": "standard",
+  "autoAnalyze": true,
+  "sources": "src,lib"
+}
+```
+
+**Relaxed (lenient)**:
+```json
+{
+  "level": "relaxed",
+  "autoAnalyze": false
+}
+```
+
 ## Tool Actions (15 total)
 
 The plugin adds a `sonarqube` tool with these actions:
@@ -296,51 +334,23 @@ bun run src/index.ts --status --project-key=my-project
 bun run src/index.ts --setup --force
 ```
 
-## Programmatic API
+## Project State
 
-```typescript
-import { 
-  createSonarQubeAPI, 
-  loadConfig, 
-  getProjectState,
-  runAnalysis,
-  bootstrap 
-} from "opencode-sonarqube";
-
-// Create API client
-const config = loadConfig();
-const state = await getProjectState("./");
-const api = createSonarQubeAPI(config, state);
-
-// Health check
-const health = await api.healthCheck();
-console.log("Healthy:", health.healthy);
-
-// Get issues
-const issues = await api.issues.getFormattedIssues({
-  projectKey: "my-project",
-  severities: ["BLOCKER", "CRITICAL"],
-});
-
-// Get quality gate status
-const status = await api.qualityGate.getStatus("my-project");
-console.log("Status:", status.projectStatus.status);
-
-// Get new code issues only
-const newIssues = await api.issues.search({
-  projectKey: "my-project",
-  inNewCode: true,
-});
-
-// Get worst files for refactoring
-const worstFiles = await api.components.getWorstFiles("my-project", 10);
-
-// Run full analysis
-const result = await runAnalysis(config, state, { projectKey: "my-project" }, "./");
-console.log("Quality Gate:", result.qualityGateStatus);
+The plugin stores project state in `.sonarqube/project.json`:
+
+```json
+{
+  "projectKey": "my-project",
+  "projectToken": "sqp_xxx...",
+  "tokenName": "opencode-my-project-...",
+  "initializedAt": "2024-01-01T00:00:00.000Z",
+  "languages": ["typescript", "javascript"],
+  "qualityGate": "Sonar way",
+  "setupComplete": true
+}
 ```
 
-See [API Documentation](./docs/API.md) for complete reference.
+**Important:** Add `.sonarqube/` to your `.gitignore` - it contains authentication tokens!
 
 ## Documentation
 
@@ -383,16 +393,16 @@ This project maintains enterprise-level quality:
 
 | Metric | Value |
 |--------|-------|
-| Test Coverage | 100% |
+| Test Coverage | 87.9% |
 | Tests | 626 |
 | Bugs | 0 |
 | Vulnerabilities | 0 |
 | Code Smells | 0 |
 | Duplications | 0% |
-| Quality Gate | Passed |
 | Reliability Rating | A |
 | Security Rating | A |
 | Maintainability Rating | A |
+| Lines of Code | ~6,000 |
 
 ## License
 

package/dist/index.js

@@ -19178,33 +19178,43 @@ function generateTokenName(projectKey) {
   const uuid3 = crypto.randomUUID().split("-")[0];
   return `opencode-${projectKey}-${timestamp}-${uuid3}`;
 }
-async function bootstrap(options) {
-  let { config: config2, directory, force = false } = options;
+function isValidDirectory(dir) {
+  return Boolean(dir && dir !== "/" && dir !== "." && dir.length >= 2);
+}
+function resolveDirectoryFromImportMeta() {
   try {
-    const { appendFileSync: appendFileSync4 } = await import("node:fs");
-    appendFileSync4("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [BOOTSTRAP] Starting bootstrap directory=${directory} config.projectKey="${config2.projectKey || "(empty)"}"
-`);
-  } catch {}
-  if (!directory || directory === "/" || directory === "." || directory.length < 2) {
-    try {
-      const pluginUrl = import.meta.url;
-      const pluginPath = decodeURIComponent(pluginUrl.replace("file://", ""));
-      const pathParts = pluginPath.split("/");
-      const nodeModulesIndex = pathParts.findIndex((p) => p === "node_modules");
-      if (nodeModulesIndex > 0) {
-        const projectPath = pathParts.slice(0, nodeModulesIndex).join("/");
-        if (projectPath && projectPath !== "/" && projectPath.length > 1) {
-          directory = projectPath;
-          try {
-            const { appendFileSync: appendFileSync4 } = await import("node:fs");
-            appendFileSync4("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [BOOTSTRAP] Fixed directory from import.meta.url: ${directory}
-`);
-          } catch {}
-        }
+    const pluginUrl = import.meta.url;
+    const pluginPath = decodeURIComponent(pluginUrl.replace("file://", ""));
+    const pathParts = pluginPath.split("/");
+    const nodeModulesIndex = pathParts.indexOf("node_modules");
+    if (nodeModulesIndex > 0) {
+      const projectPath = pathParts.slice(0, nodeModulesIndex).join("/");
+      if (isValidDirectory(projectPath)) {
+        return projectPath;
       }
-    } catch {}
+    }
+  } catch {}
+  return null;
+}
+async function generateAnalysisToken(client, tokenName, projectKey) {
+  try {
+    return await client.post("/api/user_tokens/generate", { name: tokenName, type: "PROJECT_ANALYSIS_TOKEN", projectKey });
+  } catch {
+    logger5.warn("PROJECT_ANALYSIS_TOKEN not available, using GLOBAL_ANALYSIS_TOKEN");
+    return await client.post("/api/user_tokens/generate", { name: tokenName, type: "GLOBAL_ANALYSIS_TOKEN" });
   }
-  if (!directory || directory === "/" || directory === "." || directory.length < 2) {
+}
+async function bootstrap(options) {
+  let { config: config2, directory, force = false } = options;
+  logger5.info("Starting bootstrap", { directory, projectKey: config2.projectKey || "(auto)" });
+  if (!isValidDirectory(directory)) {
+    const resolved = resolveDirectoryFromImportMeta();
+    if (resolved) {
+      directory = resolved;
+      logger5.info("Resolved directory from import.meta.url", { directory });
+    }
+  }
+  if (!isValidDirectory(directory)) {
     logger5.error("Invalid directory for bootstrap", { directory });
     return {
       success: false,
@@ -19212,21 +19222,20 @@ async function bootstrap(options) {
       projectToken: "",
       qualityGate: "",
       languages: [],
-      message: `Invalid directory: ${directory}. OpenCode may have passed the wrong working directory.`,
+      message: `Invalid directory: ${directory}`,
       isNewProject: false
     };
   }
-  logger5.info("Starting SonarQube bootstrap", { directory });
   if (!force) {
-    const state2 = await loadProjectState(directory);
-    if (state2?.setupComplete) {
-      logger5.info("Project already bootstrapped", { projectKey: state2.projectKey });
+    const existingState = await loadProjectState(directory);
+    if (existingState?.setupComplete) {
+      logger5.info("Project already bootstrapped", { projectKey: existingState.projectKey });
       return {
         success: true,
-        projectKey: state2.projectKey,
-        projectToken: state2.projectToken,
-        qualityGate: state2.qualityGate,
-        languages: state2.languages,
+        projectKey: existingState.projectKey,
+        projectToken: existingState.projectToken,
+        qualityGate: existingState.qualityGate,
+        languages: existingState.languages,
         message: "Project already configured",
         isNewProject: false
       };
@@ -19239,49 +19248,24 @@ async function bootstrap(options) {
   }
   logger5.info("Connected to SonarQube", { version: health.version });
   const detection = await detectProjectType(directory);
-  logger5.info("Detected project type", { languages: detection.languages });
   const projectKey = config2.projectKey || sanitizeProjectKey(await deriveProjectKey(directory));
   const projectName = config2.projectName || projectKey;
-  logger5.info("Project identification", { projectKey, projectName });
   const projectsApi = new ProjectsAPI(adminClient);
-  let isNewProject = false;
   const exists = await projectsApi.exists(projectKey);
-  if (exists) {
-    logger5.info("Project already exists on SonarQube", { projectKey });
-  } else {
-    logger5.info("Creating new project on SonarQube", { projectKey });
-    await projectsApi.create({
-      projectKey,
-      name: projectName,
-      visibility: "private"
-    });
-    isNewProject = true;
+  const isNewProject = !exists;
+  if (isNewProject) {
+    await projectsApi.create({ projectKey, name: projectName, visibility: "private" });
+    logger5.info("Created new project", { projectKey });
   }
   const tokenName = generateTokenName(projectKey);
-  logger5.info("Generating project token", { tokenName });
-  let tokenResponse;
-  try {
-    tokenResponse = await adminClient.post("/api/user_tokens/generate", {
-      name: tokenName,
-      type: "PROJECT_ANALYSIS_TOKEN",
-      projectKey
-    });
-  } catch {
-    logger5.warn("PROJECT_ANALYSIS_TOKEN not available, using GLOBAL_ANALYSIS_TOKEN");
-    tokenResponse = await adminClient.post("/api/user_tokens/generate", {
-      name: tokenName,
-      type: "GLOBAL_ANALYSIS_TOKEN"
-    });
-  }
+  const tokenResponse = await generateAnalysisToken(adminClient, tokenName, projectKey);
   const qualityGateName = config2.qualityGate ?? QUALITY_GATE_MAPPING[config2.level];
   try {
     await setProjectQualityGate(adminClient, projectKey, qualityGateName);
-    logger5.info("Quality gate configured", { qualityGate: qualityGateName });
   } catch (error45) {
     logger5.warn("Failed to set quality gate", { error: String(error45) });
   }
   await configureProjectSettings(adminClient, projectKey, detection.languages, config2);
-  logger5.info("Project settings configured");
   const state = createInitialState({
     projectKey,
     projectToken: tokenResponse.token,
@@ -19298,7 +19282,7 @@ async function bootstrap(options) {
     projectToken: tokenResponse.token,
     qualityGate: qualityGateName,
     languages: detection.languages,
-    message: isNewProject ? `Created new project '${projectKey}' on SonarQube` : `Configured existing project '${projectKey}'`,
+    message: isNewProject ? `Created new project '${projectKey}'` : `Configured existing project '${projectKey}'`,
     isNewProject
   };
 }
@@ -20112,26 +20096,6 @@ try {
   appendFileSync4("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [LOAD] Plugin module loaded! CWD=${process.cwd()}
 `);
 } catch {}
-var LOG_FILE4 = "/tmp/sonarqube-plugin-debug.log";
-var debugLog = {
-  _write: (level, msg, extra) => {
-    const timestamp = new Date().toISOString();
-    const logLine = `${timestamp} [${level}] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`;
-    try {
-      appendFileSync4(LOG_FILE4, logLine);
-    } catch {}
-  },
-  info: (msg, extra) => {
-    debugLog._write("INFO", msg, extra);
-  },
-  warn: (msg, extra) => {
-    debugLog._write("WARN", msg, extra);
-  },
-  error: (msg, extra) => {
-    debugLog._write("ERROR", msg, extra);
-  }
-};
 var IGNORED_FILE_PATTERNS2 = [
   /node_modules/,
   /\.git/,
@@ -20173,7 +20137,7 @@ var SonarQubePlugin = async ({ client, directory, worktree }) => {
       const pluginUrl = import.meta.url;
       const pluginPath = decodeURIComponent(pluginUrl.replace("file://", ""));
       const pathParts = pluginPath.split("/");
-      const nodeModulesIndex = pathParts.findIndex((p) => p === "node_modules");
+      const nodeModulesIndex = pathParts.indexOf("node_modules");
       if (nodeModulesIndex > 0) {
         const projectPath = pathParts.slice(0, nodeModulesIndex).join("/");
         if (projectPath && projectPath !== "/" && projectPath.length > 1) {
@@ -20205,98 +20169,69 @@ var SonarQubePlugin = async ({ client, directory, worktree }) => {
   const getConfig = () => pluginConfig;
   const getDirectory = () => effectiveDirectory;
   const loadPluginConfig = async () => {
-    debugLog.info("loadPluginConfig called", { hasExistingConfig: !!pluginConfig });
-    if (pluginConfig) {
-      debugLog.info("Config already loaded, skipping");
+    if (pluginConfig)
       return;
-    }
+    const dir = getDirectory();
+    const sonarConfigPath = `${dir}/.sonarqube/config.json`;
     try {
-      const configPath = `${getDirectory()}/opencode.json`;
-      debugLog.info("Loading config from", { configPath });
-      const configFile = Bun.file(configPath);
+      const configFile = Bun.file(sonarConfigPath);
       if (await configFile.exists()) {
-        pluginConfig = await configFile.json();
-        debugLog.info("Config loaded", { keys: Object.keys(pluginConfig ?? {}) });
-      } else {
-        debugLog.info("No opencode.json found");
+        const config2 = await configFile.json();
+        pluginConfig = { sonarqube: config2 };
+        safeLog(`Config loaded from ${sonarConfigPath}`);
+        return;
       }
-    } catch (error45) {
-      debugLog.warn("Config load error", { error: String(error45) });
-    }
+    } catch {}
+    pluginConfig = {};
+    safeLog("Using environment variables for config");
   };
   const hooks = createHooks(getConfig, getDirectory);
   let currentSessionId;
   let initialCheckDone = false;
+  const buildQualityNotification = (qgStatus, counts, qgFailed) => {
+    const statusEmoji = qgFailed ? "[FAIL]" : "[WARN]";
+    const blockerNote = counts.blocker > 0 ? `**Action Required:** There are BLOCKER issues that should be fixed.
+` : "";
+    return `## SonarQube Status: ${statusEmoji}
+
+**Quality Gate:** ${qgStatus}
+**Outstanding Issues:** ${counts.blocker} blockers, ${counts.critical} critical, ${counts.major} major
+
+${blockerNote}Use \`sonarqube({ action: "issues" })\` to see details or \`sonarqube({ action: "analyze" })\` to re-analyze.`;
+  };
   const performInitialQualityCheck = async (sessionId) => {
-    debugLog.info("=== performInitialQualityCheck START ===", { sessionId, initialCheckDone });
-    if (initialCheckDone) {
-      debugLog.info("Initial check already done, skipping");
+    if (initialCheckDone)
       return;
-    }
     initialCheckDone = true;
     try {
       await loadPluginConfig();
       const sonarConfig = pluginConfig?.["sonarqube"];
-      debugLog.info("Loading SonarQube config", { hasSonarConfig: !!sonarConfig });
       const config2 = loadConfig(sonarConfig);
-      debugLog.info("Config loaded", { hasConfig: !!config2, level: config2?.level });
-      if (!config2 || config2.level === "off") {
-        debugLog.info("Config missing or level=off, skipping");
+      if (!config2 || config2.level === "off")
         return;
-      }
       const dir = getDirectory();
-      debugLog.info("Checking needsBootstrap", { directory: dir });
-      const needsBoot = await needsBootstrap(dir);
-      debugLog.info("needsBootstrap result", { needsBoot });
-      if (needsBoot) {
-        debugLog.info("Bootstrap needed, skipping initial check");
+      if (await needsBootstrap(dir))
         return;
-      }
-      debugLog.info("Loading project state");
       const state = await getProjectState(dir);
-      debugLog.info("Project state loaded", {
-        hasState: !!state,
-        projectKey: state?.projectKey,
-        hasToken: !!state?.projectToken
-      });
-      if (!state || !state.projectKey) {
-        debugLog.info("No state or projectKey, skipping");
+      if (!state?.projectKey)
         return;
-      }
-      debugLog.info("Creating API and fetching quality status", { projectKey: state.projectKey });
       const api2 = createSonarQubeAPI(config2, state);
       const [qgStatus, counts] = await Promise.all([
         api2.qualityGate.getStatus(state.projectKey),
         api2.issues.getCounts(state.projectKey)
       ]);
-      debugLog.info("Quality status fetched", { qgStatus: qgStatus.projectStatus.status, counts });
       const hasIssues = counts.blocker > 0 || counts.critical > 0 || counts.major > 0;
       const qgFailed = qgStatus.projectStatus.status !== "OK";
-      if (hasIssues || qgFailed) {
-        const statusEmoji = qgFailed ? "[FAIL]" : "[WARN]";
-        const notification = `## SonarQube Status: ${statusEmoji}
-
-**Quality Gate:** ${qgStatus.projectStatus.status}
-**Outstanding Issues:** ${counts.blocker} blockers, ${counts.critical} critical, ${counts.major} major
-
-${counts.blocker > 0 ? `**Action Required:** There are BLOCKER issues that should be fixed.
-` : ""}
-Use \`sonarqube({ action: "issues" })\` to see details or \`sonarqube({ action: "analyze" })\` to re-analyze.`;
-        await client.session.prompt({
-          path: { id: sessionId },
-          body: {
-            noReply: true,
-            parts: [{ type: "text", text: notification }]
-          }
-        });
-        await showToast(qgFailed ? "SonarQube: Quality Gate Failed" : "SonarQube: Issues Found", qgFailed ? "error" : "info");
-      }
+      if (!hasIssues && !qgFailed)
+        return;
+      const notification = buildQualityNotification(qgStatus.projectStatus.status, counts, qgFailed);
+      await client.session.prompt({
+        path: { id: sessionId },
+        body: { noReply: true, parts: [{ type: "text", text: notification }] }
+      });
+      await showToast(qgFailed ? "SonarQube: Quality Gate Failed" : "SonarQube: Issues Found", qgFailed ? "error" : "info");
     } catch (error45) {
-      try {
-        const { appendFileSync: appendFileSync5 } = await import("node:fs");
-        appendFileSync5("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [ERROR] performInitialQualityCheck FAILED: ${error45}
-`);
-      } catch {}
+      safeLog(`performInitialQualityCheck error: ${error45}`);
     }
   };
   const showToast = async (message, variant = "info") => {
@@ -20462,7 +20397,7 @@ ${statusNote}`;
     }
     try {
       const state = await getProjectState(getDirectory());
-      if (!state || !state.projectKey)
+      if (!state?.projectKey)
         return;
       const api2 = createSonarQubeAPI(config2, state);
       const counts = await api2.issues.getCounts(state.projectKey);
@@ -20625,9 +20560,8 @@ Git operation completed with changes. Consider running:
       }
       const dir = getDirectory();
       const state = await getProjectState(dir);
-      if (!state || !state.projectKey) {
+      if (!state?.projectKey)
         return;
-      }
       const api2 = createSonarQubeAPI(config2, state);
       const [qgStatus, counts, newCodeResponse] = await Promise.all([
         api2.qualityGate.getStatus(state.projectKey),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-sonarqube",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "OpenCode Plugin for SonarQube integration - Enterprise-level code quality from the start",
   "type": "module",
   "main": "dist/index.js",
@@ -38,7 +38,7 @@
   "homepage": "https://github.com/mguttmann/opencode-sonarqube#readme",
   "dependencies": {
     "@opencode-ai/plugin": "^1.1.34",
-    "opencode-sonarqube": "0.2.0",
+    "opencode-sonarqube": "0.2.2",
     "zod": "^3.24.0"
   },
   "devDependencies": {