opencode-sonarqube 1.5.1 → 2.0.1

package/dist/index.js

@@ -4039,7 +4039,7 @@ var init_types2 = __esm(() => {
     projectName: exports_external2.string().optional().describe("SonarQube project display name"),
     qualityGate: exports_external2.string().optional().describe("Quality gate to use"),
     newCodeDefinition: exports_external2.enum(["previous_version", "number_of_days", "reference_branch", "specific_analysis"]).default("previous_version").describe("How to define 'new code' for analysis"),
-    sources: exports_external2.string().default("src").describe("Source directories to analyze"),
+    sources: exports_external2.string().optional().describe("Source directories to analyze (auto-detected if not set)"),
     tests: exports_external2.string().optional().describe("Test directories"),
     exclusions: exports_external2.string().optional().describe("File exclusion patterns")
   });
@@ -4234,7 +4234,8 @@ async function deriveProjectKey(directory) {
   return `project-${Date.now()}`;
 }
 function sanitizeProjectKey(input) {
-  return input.toLowerCase().replaceAll(/[^a-z0-9-_]/g, "-").replaceAll(/-+/g, "-").replaceAll(/(?:^-)|(?:-$)/g, "").slice(0, 400);
+  const sanitized = input.toLowerCase().replaceAll(/[^a-z0-9-_]/g, "-").replaceAll(/-+/g, "-").replaceAll(/(?:^-)|(?:-$)/g, "").slice(0, 400);
+  return sanitized || "project";
 }
 var configLogger, DEFAULT_CONFIG;
 var init_config = __esm(() => {
@@ -4244,8 +4245,7 @@ var init_config = __esm(() => {
   DEFAULT_CONFIG = {
     level: "enterprise",
     autoAnalyze: true,
-    newCodeDefinition: "previous_version",
-    sources: "src"
+    newCodeDefinition: "previous_version"
   };
 });
 
@@ -4422,11 +4422,29 @@ function getSubdirectories(path) {
     const output = result.stdout.toString().trim();
     if (!output)
       return [];
+    const SKIP_DIRS = new Set([
+      "node_modules",
+      "dist",
+      "build",
+      "out",
+      "coverage",
+      ".next",
+      ".nuxt",
+      ".output",
+      "target",
+      "__pycache__",
+      ".venv",
+      "venv",
+      "vendor",
+      "tmp",
+      ".turbo",
+      ".cache"
+    ]);
     return output.split(`
 `).filter((name) => {
       if (name.startsWith("."))
         return false;
-      if (name === "node_modules")
+      if (SKIP_DIRS.has(name))
         return false;
       return directoryExists(`${path}/${name}`);
     });
@@ -4576,7 +4594,7 @@ async function generatePropertiesContent(options, config2, directory) {
   if (detection.languages.includes("go")) {
     lines.push("", "# Go", "sonar.go.coverage.reportPaths=coverage.out");
   }
-  lines.push("", "# Analysis Settings", "sonar.sourceEncoding=UTF-8", "sonar.scm.provider=git", `sonar.cpd.exclusions=${getTestPatterns(detection.languages)}`, "sonar.coverage.exclusions=src/bootstrap/index.ts,src/index.ts,src/scanner/runner.ts,src/tools/handlers/setup.ts,src/cli.ts");
+  lines.push("", "# Analysis Settings", "sonar.sourceEncoding=UTF-8", "sonar.scm.provider=git", `sonar.cpd.exclusions=${getTestPatterns(detection.languages)}`);
   if (options.additionalProperties) {
     lines.push("", "# Additional Properties");
     for (const [key, value] of Object.entries(options.additionalProperties)) {
@@ -19401,7 +19419,7 @@ function extractTaskId(output) {
   return altMatch?.[1];
 }
 function sanitizeArgValue(value) {
-  return value.replaceAll(/[;&|`$(){}[\]<>\\'"!\n\r]/g, "");
+  return value.replaceAll(/[\n\r]/g, "");
 }
 async function runScanner(config3, state, options, directory) {
   const dir = directory ?? process.cwd();
@@ -19441,7 +19459,7 @@ async function runScanner(config3, state, options, directory) {
       stderr: "pipe",
       env: {
         ...process.env,
-        NODE_OPTIONS: "--max-old-space-size=4096"
+        NODE_OPTIONS: `${process.env["NODE_OPTIONS"] ?? ""} --max-old-space-size=4096`.trim()
       }
     });
     const stdout = await new Response(proc.stdout).text();
@@ -19917,9 +19935,118 @@ function createHandlerContext(config3, state, projectKey, directory) {
 // src/tools/handlers/setup.ts
 init_bootstrap();
 init_detection();
-init_logger();
 import { mkdir } from "node:fs/promises";
-var logger8 = new Logger("sonarqube-handler-setup");
+
+// src/scanner/config/validation.ts
+init_logger();
+init_patterns();
+init_detection();
+var logger8 = new Logger("config-validation");
+function sourcesNeedRepair(sources) {
+  if (!sources)
+    return false;
+  const parts = sources.split(",").map((s) => s.trim());
+  return parts.some((part) => MONOREPO_PATTERNS.includes(part));
+}
+async function validateAndRepairConfig(directory) {
+  const configPath = `${directory}/.sonarqube/config.json`;
+  const repairs = [];
+  try {
+    const file2 = Bun.file(configPath);
+    if (!await file2.exists()) {
+      return { valid: true, repairs };
+    }
+    const config3 = await file2.json();
+    let changed = false;
+    if (config3.sources && sourcesNeedRepair(config3.sources)) {
+      const oldSources = config3.sources;
+      const newSources = detectSourceDirectories(directory);
+      if (newSources !== oldSources) {
+        config3.sources = newSources;
+        changed = true;
+        repairs.push(`Updated sources: "${oldSources}" → "${newSources}" (avoid scanning build artifacts)`);
+      }
+    }
+    if (config3.sources === "" || config3.sources === ".") {
+      const detected = detectSourceDirectories(directory);
+      if (detected !== ".") {
+        config3.sources = detected;
+        changed = true;
+        repairs.push(`Detected sources: "${detected}"`);
+      }
+    }
+    if (changed) {
+      await Bun.write(configPath, JSON.stringify(config3, null, 2));
+      logger8.info("Repaired config.json", { repairs });
+    }
+    return { valid: !changed, repairs };
+  } catch (error45) {
+    logger8.warn("Could not validate config.json", { error: error45 });
+    return { valid: true, repairs };
+  }
+}
+async function validateAndRepairProperties(directory) {
+  const propertiesPath = `${directory}/sonar-project.properties`;
+  const repairs = [];
+  try {
+    const file2 = Bun.file(propertiesPath);
+    if (!await file2.exists()) {
+      return { valid: true, repairs };
+    }
+    let content = await file2.text();
+    let changed = false;
+    const sourcesRegex = /^sonar\.sources=(.+)$/m;
+    const sourcesMatch = sourcesRegex.exec(content);
+    if (sourcesMatch) {
+      const currentSources = sourcesMatch[1];
+      if (sourcesNeedRepair(currentSources)) {
+        const newSources = detectSourceDirectories(directory);
+        if (newSources !== currentSources) {
+          content = content.replace(sourcesRegex, `sonar.sources=${newSources}`);
+          changed = true;
+          repairs.push(`Updated sonar.sources: "${currentSources}" → "${newSources}"`);
+        }
+      }
+    }
+    const testsRegex = /^sonar\.tests=(.+)$/m;
+    const testsMatch = testsRegex.exec(content);
+    if (testsMatch) {
+      const currentTests = testsMatch[1];
+      if (sourcesNeedRepair(currentTests)) {
+        const newTests = detectSourceDirectories(directory);
+        if (newTests !== currentTests) {
+          content = content.replace(testsRegex, `sonar.tests=${newTests}`);
+          changed = true;
+          repairs.push(`Updated sonar.tests: "${currentTests}" → "${newTests}"`);
+        }
+      }
+    }
+    if (changed) {
+      await Bun.write(propertiesPath, content);
+      logger8.info("Repaired sonar-project.properties", { repairs });
+    }
+    return { valid: !changed, repairs };
+  } catch (error45) {
+    logger8.warn("Could not validate sonar-project.properties", { error: error45 });
+    return { valid: true, repairs };
+  }
+}
+async function validateAndRepairAll(directory) {
+  const configResult = await validateAndRepairConfig(directory);
+  const propertiesResult = await validateAndRepairProperties(directory);
+  const allRepairs = [...configResult.repairs, ...propertiesResult.repairs];
+  const allValid = configResult.valid && propertiesResult.valid;
+  if (allRepairs.length > 0) {
+    logger8.info("Config validation completed with repairs", {
+      repairCount: allRepairs.length
+    });
+  }
+  return { valid: allValid, repairs: allRepairs };
+}
+
+// src/tools/handlers/setup.ts
+init_logger();
+var logger9 = new Logger("sonarqube-handler-setup");
 async function handleSetup(config3, directory, force = false) {
   const result = await bootstrap({ config: config3, directory, force });
   if (!result.success) {
@@ -19930,7 +20057,12 @@ ${result.message}`;
   const sonarqubeDir = `${directory}/.sonarqube`;
   const configPath = `${sonarqubeDir}/config.json`;
   const configExists = await Bun.file(configPath).exists();
-  if (!configExists) {
+  if (configExists) {
+    const validation = await validateAndRepairAll(directory);
+    if (validation.repairs.length > 0) {
+      logger9.info("Repaired existing config", { repairs: validation.repairs });
+    }
+  } else {
     await mkdir(sonarqubeDir, { recursive: true });
     const detectedSources = detectSourceDirectories(directory);
     const defaultConfig = {
@@ -19940,7 +20072,7 @@ ${result.message}`;
       newCodeDefinition: "previous_version"
     };
     await Bun.write(configPath, JSON.stringify(defaultConfig, null, 2));
-    logger8.info("Created default config.json", { path: configPath });
+    logger9.info("Created default config.json", { path: configPath });
   }
   const lines = [
     "## SonarQube Project Initialized",
@@ -19960,56 +20092,38 @@ ${result.message}`;
 `);
 }
 // src/tools/handlers/analyze.ts
-var COVERAGE_EXCLUDED_FILES = [
-  "src/bootstrap/index.ts",
-  "src/index.ts",
-  "src/scanner/runner.ts",
-  "src/tools/handlers/setup.ts",
-  "src/cli.ts",
-  "src/utils/config.ts",
-  "src/utils/shared-state.ts"
-];
-async function filterLcovForCoverage(directory) {
-  const lcovPath = `${directory}/coverage/lcov.info`;
-  try {
-    const content = await Bun.file(lcovPath).text();
-    const lines = content.split(`
-`);
-    const filteredLines = [];
-    let skipCurrentFile = false;
-    for (const line of lines) {
-      if (line.startsWith("SF:")) {
-        const filePath = line.substring(3);
-        skipCurrentFile = COVERAGE_EXCLUDED_FILES.some((excluded) => filePath.endsWith(excluded) || filePath.includes(`/${excluded}`));
-      }
-      if (!skipCurrentFile) {
-        filteredLines.push(line);
-      }
-      if (line === "end_of_record") {
-        skipCurrentFile = false;
-      }
-    }
-    await Bun.write(lcovPath, filteredLines.join(`
-`));
-  } catch {}
-}
 async function handleAnalyze(ctx, args) {
   const { config: config3, state, projectKey, directory } = ctx;
   const projectName = config3.projectName ?? projectKey;
-  await filterLcovForCoverage(directory);
-  const coverageExclusions = COVERAGE_EXCLUDED_FILES.map((f) => `**/${f.split("/").pop()}`).join(",");
+  const validation = await validateAndRepairAll(directory);
+  let effectiveSources = config3.sources;
+  let effectiveTests = config3.tests;
+  if (validation.repairs.length > 0) {
+    try {
+      const repairedConfig = await Bun.file(`${directory}/.sonarqube/config.json`).json();
+      effectiveSources = repairedConfig.sources ?? effectiveSources;
+      effectiveTests = repairedConfig.tests ?? effectiveTests;
+    } catch {}
+  }
   const result = await runAnalysis(config3, state, {
     projectKey,
     projectName,
-    sources: config3.sources,
-    tests: config3.tests,
-    exclusions: config3.exclusions,
-    additionalProperties: {
-      "sonar.coverage.exclusions": coverageExclusions,
-      "sonar.javascript.lcov.reportPaths": "coverage/lcov.info"
-    }
+    sources: effectiveSources,
+    tests: effectiveTests,
+    exclusions: config3.exclusions
   }, directory);
-  let output = formatAnalysisResult(result);
+  let output = "";
+  if (validation.repairs.length > 0) {
+    output += `### Config Auto-Repair
+`;
+    for (const repair of validation.repairs) {
+      output += `- ${repair}
+`;
+    }
+    output += `
+`;
+  }
+  output += formatAnalysisResult(result);
   if (args.fix && result.formattedIssues.length > 0) {
     output += formatFixSuggestions(result.formattedIssues);
   }
@@ -20368,7 +20482,7 @@ Run \`sonarqube({ action: "analyze" })\` to generate metrics.`));
   return output;
 }
 // src/tools/sonarqube.ts
-var logger9 = new Logger("sonarqube-tool");
+var logger10 = new Logger("sonarqube-tool");
 var SonarQubeToolArgsSchema = exports_external2.object({
   action: exports_external2.enum(["analyze", "issues", "newissues", "status", "init", "setup", "validate", "hotspots", "duplications", "rule", "history", "profile", "branches", "metrics", "worstfiles"]).describe("Action to perform: analyze (run scanner), issues (all issues), newissues (only new code issues), status (quality gate), init/setup (initialize), validate (enterprise check), hotspots (security review), duplications (code duplicates), rule (explain rule), history (past analyses), profile (quality profile), branches (branch status), metrics (detailed metrics), worstfiles (files with most issues)"),
   scope: exports_external2.enum(["all", "new", "changed"]).optional().default("all").describe("Scope of analysis: all files, only new code, or changed files"),
@@ -20384,26 +20498,23 @@ async function executeSonarQubeTool(args, context) {
   const config3 = loadConfig(context.config);
   if (!config3) {
     return formatError2(ErrorMessages.configurationMissing("SonarQube configuration not found.", [
-      "Set environment variables: SONAR_HOST_URL and SONAR_TOKEN",
+      "Set environment variables: SONAR_HOST_URL, SONAR_USER, and SONAR_PASSWORD",
       "Or create a .sonarqube/config.json file in your project",
       "Or add plugin configuration in opencode.json"
     ]) + `
 
 Required environment variables:
 - SONAR_HOST_URL (e.g., https://sonarqube.company.com)
-- SONAR_TOKEN (analysis token)
-
-Optional:
-- SONAR_USER
-- SONAR_PASSWORD`);
+- SONAR_USER (e.g., admin)
+- SONAR_PASSWORD (password or token)`);
   }
-  logger9.info(`Executing SonarQube tool: ${args.action}`, { directory });
+  logger10.info(`Executing SonarQube tool: ${args.action}`, { directory });
   try {
     if (args.action === "init" || args.action === "setup") {
       return await handleSetup(config3, directory, args.force);
     }
     if (await needsBootstrap(directory)) {
-      logger9.info("First run detected, running bootstrap");
+      logger10.info("First run detected, running bootstrap");
       const { bootstrap: bootstrap2 } = await Promise.resolve().then(() => (init_bootstrap(), exports_bootstrap));
       const setupResult = await bootstrap2({ config: config3, directory });
       if (!setupResult.success) {
@@ -20411,7 +20522,7 @@ Optional:
 
 ${setupResult.message}`);
       }
-      logger9.info("Bootstrap completed", { projectKey: setupResult.projectKey });
+      logger10.info("Bootstrap completed", { projectKey: setupResult.projectKey });
     }
     const state = await getProjectState(directory);
     if (!state) {
@@ -20451,7 +20562,7 @@ ${setupResult.message}`);
     }
   } catch (error45) {
     const errorMessage = error45 instanceof Error ? error45.message : String(error45);
-    logger9.error(`Tool execution failed: ${errorMessage}`);
+    logger10.error(`Tool execution failed: ${errorMessage}`);
     return formatError2(ErrorMessages.apiError(args.action, errorMessage, config3.url));
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-sonarqube",
-  "version": "1.5.1",
+  "version": "2.0.1",
   "description": "OpenCode Plugin for SonarQube integration - Enterprise-level code quality from the start",
   "type": "module",
   "main": "dist/index.js",