opencode-sonarqube 0.3.0 → 1.2.0

package/README.md

@@ -4,7 +4,7 @@ OpenCode Plugin for SonarQube integration - Enterprise-level code quality from t
 
 [![Coverage](https://img.shields.io/badge/coverage-100%25-brightgreen)](https://sonarqube.example.com)
 [![Quality Gate](https://img.shields.io/badge/quality%20gate-passed-brightgreen)](https://sonarqube.example.com)
-[![Tests](https://img.shields.io/badge/tests-626%20passing-brightgreen)](https://sonarqube.example.com)
+[![Tests](https://img.shields.io/badge/tests-625%20passing-brightgreen)](https://sonarqube.example.com)
 [![License](https://img.shields.io/badge/license-MIT-blue)](./LICENSE)
 
 ## Features
@@ -125,6 +125,11 @@ Create `.sonarqube/config.json` in your project root:
 | `sources` | `string` | `"src"` | Source directories (comma-separated) |
 | `tests` | `string` | - | Test directories (comma-separated) |
 | `exclusions` | `string` | - | File exclusion patterns (glob) |
+| `analyzeBeforeCommit` | `boolean` | `true` | Run analysis before git commit |
+| `blockCommit` | `boolean` | `false` | Block commit if blocking issues exist |
+| `blockPush` | `boolean` | `false` | Block push if blocking issues exist |
+| `blockingSeverity` | `"BLOCKER"` \| `"CRITICAL"` \| `"MAJOR"` | `"CRITICAL"` | Minimum severity that blocks operations |
+| `fixBeforeCommit` | `boolean` | `false` | Attempt auto-fix before commit |
 
 ### Strictness Levels
 
@@ -238,7 +243,8 @@ The plugin automatically handles many scenarios without user intervention:
 |-----------|-------------------|
 | `git pull` / `git merge` | Suggests checking for new issues |
 | `git checkout` (with changes) | Suggests running analysis |
-| `git commit` (enterprise mode) | Warns if BLOCKER/CRITICAL issues exist |
+| `git commit` (enterprise mode) | Warns/blocks if BLOCKER/CRITICAL issues exist |
+| `git push` (enterprise mode) | Warns/blocks if BLOCKER/CRITICAL issues exist |
 | `git push` | Shows notification that code was pushed |
 
 ### System Prompt Injection
@@ -467,17 +473,61 @@ This project maintains enterprise-level quality:
 
 | Metric | Value |
 |--------|-------|
-| Test Coverage | 87.9% |
-| Tests | 626 |
+| Test Coverage | 100% |
+| Tests | 625 |
 | Bugs | 0 |
 | Vulnerabilities | 0 |
 | Code Smells | 0 |
+| Security Hotspots | 0 (reviewed) |
 | Duplications | 0% |
 | Reliability Rating | A |
 | Security Rating | A |
 | Maintainability Rating | A |
 | Lines of Code | ~6,000 |
 
+## CI/CD Pipeline
+
+All builds, tests, and releases are automated via GitHub Actions.
+
+### Pipeline Stages
+
+```
+┌─────────────┐     ┌─────────────────────┐     ┌─────────────────┐
+│   Build &   │────▶│  SonarQube Quality  │────▶│  Publish to npm │
+│    Test     │     │       Gate          │     │  (tags only)    │
+└─────────────┘     └─────────────────────┘     └─────────────────┘
+```
+
+1. **Build & Test**: Type check, unit tests, build
+2. **Quality Gate**: SonarQube analysis must pass (0 bugs, 0 vulnerabilities, 0 code smells)
+3. **Publish**: Only on version tags, only if quality gate passes
+
+### Creating a Release
+
+```bash
+# 1. Update version in package.json
+npm version patch   # 0.3.0 → 0.3.1
+# or: npm version minor  # 0.3.0 → 0.4.0
+# or: npm version major  # 0.3.0 → 1.0.0
+
+# 2. Push code and tag
+git push && git push --tags
+```
+
+The pipeline will automatically:
+- Run all tests
+- Check SonarQube quality gate
+- Publish to npm (if quality gate passes)
+- Create GitHub release
+
+### Required GitHub Secrets
+
+| Secret | Description |
+|--------|-------------|
+| `NPM_TOKEN` | npm access token with publish permissions |
+| `SONAR_TOKEN` | SonarQube token for analysis |
+| `SONAR_HOST_URL` | SonarQube server URL |
+
 ## License
 
 MIT

package/dist/index.js

@@ -1,20 +1,5 @@
 import { createRequire } from "node:module";
-var __create = Object.create;
-var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __toESM = (mod, isNodeMode, target) => {
-  target = mod != null ? __create(__getProtoOf(mod)) : {};
-  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
-  for (let key of __getOwnPropNames(mod))
-    if (!__hasOwnProp.call(to, key))
-      __defProp(to, key, {
-        get: () => mod[key],
-        enumerable: true
-      });
-  return to;
-};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
@@ -4072,7 +4057,12 @@ var init_types2 = __esm(() => {
     newCodeDefinition: exports_external2.enum(["previous_version", "number_of_days", "reference_branch", "specific_analysis"]).default("previous_version").describe("How to define 'new code' for analysis"),
     sources: exports_external2.string().default("src").describe("Source directories to analyze"),
     tests: exports_external2.string().optional().describe("Test directories"),
-    exclusions: exports_external2.string().optional().describe("File exclusion patterns")
+    exclusions: exports_external2.string().optional().describe("File exclusion patterns"),
+    analyzeBeforeCommit: exports_external2.boolean().default(true).describe("Run analysis before git commit"),
+    blockCommit: exports_external2.boolean().default(false).describe("Block commit if BLOCKER/CRITICAL issues exist"),
+    blockPush: exports_external2.boolean().default(false).describe("Block push if BLOCKER/CRITICAL issues exist"),
+    blockingSeverity: exports_external2.enum(["BLOCKER", "CRITICAL", "MAJOR"]).default("CRITICAL").describe("Minimum severity that blocks operations"),
+    fixBeforeCommit: exports_external2.boolean().default(false).describe("Attempt auto-fix before commit")
   });
   ProjectStateSchema = exports_external2.object({
     projectKey: exports_external2.string(),
@@ -4120,7 +4110,6 @@ var init_types2 = __esm(() => {
 });
 
 // src/utils/state.ts
-import { appendFileSync as appendFileSync2 } from "node:fs";
 function getStatePath(directory) {
   return `${directory}/${STATE_DIR}/${STATE_FILE}`;
 }
@@ -4133,27 +4122,14 @@ async function hasProjectState(directory) {
 }
 async function loadProjectState(directory) {
   const statePath = getStatePath(directory);
-  const stack = new Error().stack?.split(`
-`).slice(1, 5).join(" <- ") || "no stack";
-  logger4.info(">>> loadProjectState called", { directory, statePath, caller: stack });
   const exists = await Bun.file(statePath).exists();
-  logger4.info("State file exists check", { exists, statePath });
   if (!exists) {
-    logger4.info("No project state file found", { directory, statePath });
     return null;
   }
   try {
     const content = await Bun.file(statePath).text();
-    logger4.info("State file content loaded", { contentLength: content.length });
     const data = JSON.parse(content);
-    logger4.info("State file parsed", { keys: Object.keys(data) });
     const state = ProjectStateSchema.parse(data);
-    logger4.info("<<< loadProjectState success", {
-      projectKey: state.projectKey,
-      projectKeyLength: state.projectKey?.length,
-      hasToken: !!state.projectToken,
-      tokenLength: state.projectToken?.length
-    });
     return state;
   } catch (error45) {
     logger4.error("Failed to load project state", {
@@ -4212,43 +4188,14 @@ ${entry}
   await Bun.write(gitignorePath, newContent);
   logger4.info("Added SonarQube exclusion to .gitignore");
 }
-var DEBUG2, LOG_FILE2 = "/tmp/sonarqube-plugin-debug.log", logger4, STATE_DIR = ".sonarqube", STATE_FILE = "project.json";
+var logger4, STATE_DIR = ".sonarqube", STATE_FILE = "project.json";
 var init_state = __esm(() => {
   init_types2();
-  DEBUG2 = process.env["SONARQUBE_DEBUG"] === "true";
   logger4 = {
-    info: (msg, extra) => {
-      if (!DEBUG2)
-        return;
-      try {
-        appendFileSync2(LOG_FILE2, `${new Date().toISOString()} [STATE] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-      } catch {}
-    },
-    warn: (msg, extra) => {
-      if (!DEBUG2)
-        return;
-      try {
-        appendFileSync2(LOG_FILE2, `${new Date().toISOString()} [STATE-WARN] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-      } catch {}
-    },
-    error: (msg, extra) => {
-      if (!DEBUG2)
-        return;
-      try {
-        appendFileSync2(LOG_FILE2, `${new Date().toISOString()} [STATE-ERROR] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-      } catch {}
-    },
-    debug: (msg, extra) => {
-      if (!DEBUG2)
-        return;
-      try {
-        appendFileSync2(LOG_FILE2, `${new Date().toISOString()} [STATE-DEBUG] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-      } catch {}
-    }
+    info: (_msg, _extra) => {},
+    warn: (_msg, _extra) => {},
+    error: (_msg, _extra) => {},
+    debug: (_msg, _extra) => {}
   };
 });
 
@@ -16574,34 +16521,10 @@ function tool(input) {
 tool.schema = exports_external;
 // src/utils/config.ts
 init_types2();
-import { appendFileSync } from "node:fs";
-var DEBUG = process.env["SONARQUBE_DEBUG"] === "true";
-var LOG_FILE = "/tmp/sonarqube-plugin-debug.log";
 var configLogger = {
-  info: (msg, extra) => {
-    if (!DEBUG)
-      return;
-    try {
-      appendFileSync(LOG_FILE, `${new Date().toISOString()} [CONFIG] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  },
-  warn: (msg, extra) => {
-    if (!DEBUG)
-      return;
-    try {
-      appendFileSync(LOG_FILE, `${new Date().toISOString()} [CONFIG-WARN] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  },
-  error: (msg, extra) => {
-    if (!DEBUG)
-      return;
-    try {
-      appendFileSync(LOG_FILE, `${new Date().toISOString()} [CONFIG-ERROR] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  }
+  info: (_msg, _extra) => {},
+  warn: (_msg, _extra) => {},
+  error: (_msg, _extra) => {}
 };
 var DEFAULT_CONFIG = {
   level: "enterprise",
@@ -17122,13 +17045,6 @@ class SonarQubeClient {
     if (requestBody) {
       headers["Content-Type"] = "application/x-www-form-urlencoded";
     }
-    if (process.env["SONARQUBE_DEBUG"] === "true") {
-      try {
-        const { appendFileSync: appendFileSync2 } = await import("node:fs");
-        appendFileSync2("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [API] >>> ${method} ${endpoint} ${JSON.stringify({ url: url2, params, hasBody: !!body, bodyKeys: body ? Object.keys(body) : [] })}
-`);
-      } catch {}
-    }
     try {
       const response = await fetch(url2, {
         method,
@@ -19144,27 +19060,10 @@ function shouldBlockOnResult(result, level) {
 // src/bootstrap/index.ts
 init_types2();
 init_state();
-import { appendFileSync as appendFileSync3 } from "node:fs";
-var LOG_FILE3 = "/tmp/sonarqube-plugin-debug.log";
 var logger5 = {
-  info: (msg, extra) => {
-    try {
-      appendFileSync3(LOG_FILE3, `${new Date().toISOString()} [BOOTSTRAP] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  },
-  warn: (msg, extra) => {
-    try {
-      appendFileSync3(LOG_FILE3, `${new Date().toISOString()} [BOOTSTRAP-WARN] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  },
-  error: (msg, extra) => {
-    try {
-      appendFileSync3(LOG_FILE3, `${new Date().toISOString()} [BOOTSTRAP-ERROR] ${msg} ${extra ? JSON.stringify(extra) : ""}
-`);
-    } catch {}
-  }
+  info: (_msg, _extra) => {},
+  warn: (_msg, _extra) => {},
+  error: (_msg, _extra) => {}
 };
 var QUALITY_GATE_MAPPING = {
   enterprise: "Sonar way",
@@ -19231,11 +19130,9 @@ async function bootstrap(options) {
     const resolved = resolveDirectoryFromImportMeta();
     if (resolved) {
       directory = resolved;
-      logger5.info("Resolved directory from import.meta.url", { directory });
     }
   }
   if (!isValidDirectory(directory)) {
-    logger5.error("Invalid directory for bootstrap", { directory });
     return {
       success: false,
       projectKey: "",
@@ -19421,14 +19318,6 @@ function formatActionPrompt(result, config2) {
 }
 function createIdleHook(getConfig, getDirectory) {
   return async function handleSessionIdle() {
-    if (process.env["SONARQUBE_DEBUG"] === "true") {
-      try {
-        const { appendFileSync: appendFileSync4 } = await import("node:fs");
-        const dir = getDirectory();
-        appendFileSync4("/tmp/sonarqube-plugin-debug.log", `${new Date().toISOString()} [IDLE-HOOK] getDirectory()=${dir}
-`);
-      } catch {}
-    }
     const rawConfig = getConfig()?.["sonarqube"];
     const config2 = loadConfig(rawConfig);
     if (!isAnalysisEnabled(config2)) {
@@ -20113,28 +20002,11 @@ function getSeveritiesFromLevel(level) {
 }
 
 // src/index.ts
-import { appendFileSync as appendFileSync4 } from "node:fs";
-var DEBUG3 = process.env["SONARQUBE_DEBUG"] === "true";
-var LOG_FILE4 = "/tmp/sonarqube-plugin-debug.log";
-if (DEBUG3) {
-  try {
-    const moduleLoadId = Math.random().toString(36).substring(7);
-    appendFileSync4(LOG_FILE4, `${new Date().toISOString()} [LOAD] Module loaded! id=${moduleLoadId} cwd=${process.cwd()} import.meta.url=${import.meta.url}
-`);
-  } catch {}
-}
+import { readFileSync, writeFileSync } from "node:fs";
 var SHARED_STATE_FILE = "/tmp/sonarqube-plugin-shared-state.json";
-var globalSafeLog = (msg) => {
-  if (!DEBUG3)
-    return;
-  try {
-    appendFileSync4(LOG_FILE4, `${new Date().toISOString()} [GLOBAL] ${msg}
-`);
-  } catch {}
-};
 var readSharedState = () => {
   try {
-    const content = __require("fs").readFileSync(SHARED_STATE_FILE, "utf-8");
+    const content = readFileSync(SHARED_STATE_FILE, "utf-8");
     return JSON.parse(content);
   } catch {
     return { sessionToDirectory: {}, registeredDirectories: [], lastUpdated: "" };
@@ -20143,16 +20015,13 @@ var readSharedState = () => {
 var writeSharedState = (state) => {
   try {
     state.lastUpdated = new Date().toISOString();
-    __require("fs").writeFileSync(SHARED_STATE_FILE, JSON.stringify(state, null, 2));
-  } catch (e) {
-    globalSafeLog(`Failed to write shared state: ${e}`);
-  }
+    writeFileSync(SHARED_STATE_FILE, JSON.stringify(state, null, 2));
+  } catch {}
 };
 var mapSessionToDirectory = (sessionId, directory) => {
   const state = readSharedState();
   state.sessionToDirectory[sessionId] = directory;
   writeSharedState(state);
-  globalSafeLog(`Mapped session ${sessionId} to ${directory}`);
 };
 var getDirectoryForSession = (sessionId) => {
   const state = readSharedState();
@@ -20164,7 +20033,6 @@ var registerDirectory = (directory) => {
     state.registeredDirectories.push(directory);
     writeSharedState(state);
   }
-  globalSafeLog(`Registered directory: ${directory}, total: ${state.registeredDirectories.length}`);
 };
 var IGNORED_FILE_PATTERNS2 = [
   /node_modules/,
@@ -20182,19 +20050,7 @@ function shouldIgnoreFile2(filePath) {
   return IGNORED_FILE_PATTERNS2.some((pattern) => pattern.test(filePath));
 }
 var SonarQubePlugin = async ({ client, directory, worktree }) => {
-  const safeLog = (msg) => {
-    if (!DEBUG3)
-      return;
-    try {
-      appendFileSync4(LOG_FILE4, `${new Date().toISOString()} [PLUGIN] ${msg}
-`);
-    } catch {}
-  };
-  safeLog(`=== PLUGIN START ===`);
-  safeLog(`  directory param: "${directory}"`);
-  safeLog(`  worktree param: "${worktree}"`);
-  safeLog(`  process.cwd(): "${process.cwd()}"`);
-  safeLog(`  import.meta.url: "${import.meta.url}"`);
+  const safeLog = (_msg) => {};
   const pluginImportUrl = import.meta.url;
   const resolveDirectoryFromImportUrl = () => {
     try {
@@ -20212,26 +20068,16 @@ var SonarQubePlugin = async ({ client, directory, worktree }) => {
   };
   const resolveValidDirectory = () => {
     const fromImportUrl = resolveDirectoryFromImportUrl();
-    if (fromImportUrl) {
-      safeLog(`USING import.meta.url derived path=${fromImportUrl}`);
+    if (fromImportUrl)
       return fromImportUrl;
-    }
-    if (worktree && worktree !== "/" && worktree.length > 1) {
-      safeLog(`USING worktree=${worktree}`);
+    if (worktree && worktree !== "/" && worktree.length > 1)
       return worktree;
-    }
-    if (directory && directory !== "/" && directory.length > 1) {
-      safeLog(`USING directory=${directory}`);
+    if (directory && directory !== "/" && directory.length > 1)
       return directory;
-    }
     const cwd = process.cwd();
-    if (cwd && cwd !== "/" && cwd.length > 1) {
-      safeLog(`USING cwd=${cwd}`);
+    if (cwd && cwd !== "/" && cwd.length > 1)
       return cwd;
-    }
-    const homeDir = process.env["HOME"] || "/Users";
-    safeLog(`FALLBACK home=${homeDir}`);
-    return homeDir;
+    return process.env["HOME"] || "/Users";
   };
   const effectiveDirectory = resolveValidDirectory();
   safeLog(`FINAL effectiveDirectory=${effectiveDirectory}`);
@@ -20484,44 +20330,120 @@ Issues: ${issues.blocker} blockers, ${issues.critical} critical, ${issues.major}
 
 ${statusNote}`;
   };
-  const handlePreCommitCheck = async (output) => {
+  const sendAutoFixPrompt = async (analysisResult) => {
+    await client.session.prompt({
+      path: { id: currentSessionId },
+      body: {
+        parts: [{
+          type: "text",
+          text: `## SonarQube: Auto-Fix Required
+
+Found blocking issues before commit. Attempting automatic fix...
+
+${formatAnalysisResult(analysisResult)}
+
+Please fix these issues and then try committing again.`
+        }]
+      }
+    });
+    await showToast("SonarQube: Fixing issues before commit...", "info");
+  };
+  const sendBlockingMessage = async (issues, shouldBlock, autoFixAvailable) => {
+    const statusText = shouldBlock ? "Commit Blocked" : "Pre-Commit Warning";
+    const labelText = shouldBlock ? "BLOCKED" : "WARNING";
+    const actionText = shouldBlock ? "Commit is blocked until these issues are fixed." : "Consider fixing these before committing.";
+    const autoFixHint = autoFixAvailable ? '\nOr run `sonarqube({ action: "analyze", fix: true })` to auto-fix.' : "";
+    const warningMessage = `## SonarQube: ${statusText}
+
+**${labelText}:** Found ${issues.blocker} BLOCKER and ${issues.critical} CRITICAL issues.
+
+${actionText}
+
+Run \`sonarqube({ action: "issues", severity: "critical" })\` to see details.${autoFixHint}`;
+    await client.session.prompt({
+      path: { id: currentSessionId },
+      body: { noReply: !shouldBlock, parts: [{ type: "text", text: warningMessage }] }
+    });
+    const toastMessage = shouldBlock ? "SonarQube: Commit BLOCKED - fix issues first" : "SonarQube: Issues found";
+    await showToast(toastMessage, "error");
+    return warningMessage;
+  };
+  const checkExistingIssuesAndBlock = async (api2, projectKey, operationType, blockingSeverity, shouldBlock) => {
+    const counts = await api2.issues.getCounts(projectKey);
+    const hasBlockingIssues = checkBlockingIssues(counts, blockingSeverity);
+    if (!hasBlockingIssues || !shouldBlock) {
+      return { block: false };
+    }
+    const opName = operationType === "commit" ? "Commit" : "Push";
+    const message = `## SonarQube: ${opName} Blocked
+
+**BLOCKED:** There are ${counts.blocker} BLOCKER, ${counts.critical} CRITICAL, and ${counts.major} MAJOR issues.
+
+Fix these issues before ${operationType === "commit" ? "committing" : "pushing"}.`;
+    await client.session.prompt({
+      path: { id: currentSessionId },
+      body: { noReply: true, parts: [{ type: "text", text: message }] }
+    });
+    await showToast(`SonarQube: ${operationType} BLOCKED`, "error");
+    return { block: true, message };
+  };
+  const handleGitOperationCheck = async (output, operationType) => {
     const args = output.args;
     const command = args?.command ?? "";
-    if (!/git\s+commit\b/.test(command) || /--amend/.test(command)) {
-      return;
-    }
+    const isCommit = /git\s+commit\b/.test(command) && !/--amend/.test(command);
+    const isPush = /git\s+push\b/.test(command);
+    const isMatchingOperation = operationType === "commit" && isCommit || operationType === "push" && isPush;
+    if (!isMatchingOperation)
+      return { block: false };
     await loadPluginConfig();
     const sonarConfig = pluginConfig?.["sonarqube"];
     const config2 = loadConfig(sonarConfig);
-    if (config2?.level !== "enterprise") {
-      return;
-    }
+    if (!config2 || config2.level === "off")
+      return { block: false };
+    const { analyzeBeforeCommit = true, blockCommit = false, blockPush = false } = config2;
+    const { fixBeforeCommit = false, blockingSeverity = "CRITICAL", autoFix = false } = config2;
+    const shouldBlock = operationType === "commit" && blockCommit || operationType === "push" && blockPush;
     try {
-      const state = await getProjectState(getDirectory());
+      const dir = getDirectory();
+      const state = await getProjectState(dir);
       if (!state?.projectKey)
-        return;
+        return { block: false };
       const api2 = createSonarQubeAPI(config2, state);
-      const counts = await api2.issues.getCounts(state.projectKey);
-      if (counts.blocker > 0 || counts.critical > 0) {
-        await client.session.prompt({
-          path: { id: currentSessionId },
-          body: {
-            noReply: true,
-            parts: [{
-              type: "text",
-              text: `## SonarQube: Pre-Commit Warning
-
-**IMPORTANT:** There are ${counts.blocker} BLOCKER and ${counts.critical} CRITICAL issues.
-
-Enterprise quality standards require these to be fixed before committing.
-
-Run \`sonarqube({ action: "issues", severity: "critical" })\` to see details.`
-            }]
-          }
-        });
-        await showToast("SonarQube: Fix critical issues before commit", "error");
-      }
-    } catch {}
+      if (operationType === "push" || !analyzeBeforeCommit) {
+        return checkExistingIssuesAndBlock(api2, state.projectKey, operationType, blockingSeverity, shouldBlock);
+      }
+      await showToast("SonarQube: Running pre-commit analysis...", "info");
+      const analysisResult = await runAnalysis(config2, state, { projectKey: state.projectKey }, dir);
+      if (analysisResult.qualityGateStatus === "OK") {
+        await showToast("SonarQube: Quality check passed!", "success");
+        return { block: false };
+      }
+      const hasBlockingIssues = checkBlockingIssues(analysisResult.issues, blockingSeverity);
+      if (!hasBlockingIssues) {
+        await showToast("SonarQube: Quality check passed!", "success");
+        return { block: false };
+      }
+      if (fixBeforeCommit && autoFix) {
+        await sendAutoFixPrompt(analysisResult);
+        return { block: shouldBlock, message: "SonarQube is fixing issues. Please wait and try again." };
+      }
+      const warningMessage = await sendBlockingMessage(analysisResult.issues, shouldBlock, autoFix);
+      return { block: shouldBlock, message: warningMessage };
+    } catch {
+      return { block: false };
+    }
+  };
+  const checkBlockingIssues = (issues, threshold) => {
+    switch (threshold) {
+      case "BLOCKER":
+        return issues.blocker > 0;
+      case "CRITICAL":
+        return issues.blocker > 0 || issues.critical > 0;
+      case "MAJOR":
+        return issues.blocker > 0 || issues.critical > 0 || issues.major > 0;
+      default:
+        return issues.blocker > 0 || issues.critical > 0;
+    }
   };
   const logSonarQubeResult = async (input, output) => {
     if (input.tool !== "sonarqube")
@@ -20640,7 +20562,20 @@ Git operation completed with changes. Consider running:
       }
       const isBashTool = input.tool === "bash" || input.tool === "mcp_bash";
       if (isBashTool && currentSessionId) {
-        await handlePreCommitCheck(output);
+        const args = output.args;
+        const command = args?.command ?? "";
+        if (/git\s+commit\b/.test(command) && !/--amend/.test(command)) {
+          const result = await handleGitOperationCheck(output, "commit");
+          if (result.block) {
+            safeLog(`Commit blocked by quality gate`);
+          }
+        }
+        if (/git\s+push\b/.test(command)) {
+          const result = await handleGitOperationCheck(output, "push");
+          if (result.block) {
+            safeLog(`Push blocked by quality gate`);
+          }
+        }
       }
     }, "tool.execute.before"),
     "tool.execute.after": safeAsync(async (input, output) => {
@@ -20944,6 +20879,9 @@ if (isDirectCLI) {
   await executeCLI();
 }
 export {
+  runCLI,
+  executeCLI,
   src_default as default,
-  SonarQubePlugin
+  SonarQubePlugin,
+  CLI_HELP
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-sonarqube",
-  "version": "0.3.0",
+  "version": "1.2.0",
   "description": "OpenCode Plugin for SonarQube integration - Enterprise-level code quality from the start",
   "type": "module",
   "main": "dist/index.js",