sonar-sweep 0.1.0 → 0.2.1

package/README.md

@@ -33,7 +33,7 @@ sonar-sweep pr-report <projectKey> <pullRequest> --token <token>
 Or set environment variables:
 
 ```bash
-SONAR_TOKEN=... 
+SONAR_TOKEN=...
 SONAR_BASE_URL=https://sonarcloud.io
 ```
 

package/dist/cli/index.d.mts

@@ -0,0 +1,4 @@
+//#region src/cli/index.d.ts
+declare function run(argv?: Array<string>): Promise<void>;
+//#endregion
+export { run };

package/dist/cli/index.mjs

@@ -0,0 +1,3 @@
+import { t as run } from "../cli-BMrnoS5Q.mjs";
+
+export { run };

package/dist/cli-BMrnoS5Q.mjs

@@ -0,0 +1,650 @@
+import { a as getPullRequestReport, i as getPullRequestIssues, n as getPullRequestReview, o as SonarCloudClient, r as getPullRequestCoverage, t as transitionIssue } from "./issue-transition-B5r9hQVC.mjs";
+import { hideBin } from "yargs/helpers";
+import yargs from "yargs/yargs";
+import { execFileSync } from "node:child_process";
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (!no_symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
+//#region src/service/hotspot-transition.ts
+async function reviewHotspot(clientOptions, input) {
+	const hotspotKey = input.hotspotKey.trim();
+	const resolution = input.resolution;
+	const comment = input.comment?.trim();
+	if (!hotspotKey) throw new Error("Missing hotspotKey");
+	if (!resolution) throw new Error("Missing resolution (SAFE, ACKNOWLEDGED, or FIXED)");
+	const validResolutions = [
+		"SAFE",
+		"ACKNOWLEDGED",
+		"FIXED"
+	];
+	if (!validResolutions.includes(resolution)) throw new Error(`Invalid resolution: ${resolution}. Must be one of: ${validResolutions.join(", ")}`);
+	await new SonarCloudClient(clientOptions).changeHotspotStatus(hotspotKey, "REVIEWED", resolution, comment);
+	return {
+		applied: true,
+		hotspotKey,
+		resolution,
+		status: "REVIEWED"
+	};
+}
+
+//#endregion
+//#region src/cli/commands/hotspot-review.ts
+var hotspot_review_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$6,
+	command: () => command$6,
+	describe: () => describe$6,
+	handler: () => handler$6
+});
+const command$6 = "hotspot-review <hotspotKey>";
+const describe$6 = "Mark a security hotspot as reviewed (SAFE, ACKNOWLEDGED, or FIXED)";
+function builder$6(yargs) {
+	return yargs.positional("hotspotKey", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a hotspot key",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("resolution", {
+		alias: "r",
+		choices: [
+			"SAFE",
+			"ACKNOWLEDGED",
+			"FIXED"
+		],
+		default: "SAFE",
+		describe: "Resolution type: SAFE (not a risk), ACKNOWLEDGED (risk accepted), FIXED (code changed)",
+		type: "string"
+	}).option("comment", {
+		alias: "c",
+		describe: "Optional review comment",
+		type: "string"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$6(args) {
+	const result = await reviewHotspot({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		comment: args.comment,
+		hotspotKey: args.hotspotKey,
+		resolution: args.resolution
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+		return;
+	}
+	process.stdout.write(`Reviewed hotspot ${result.hotspotKey} as ${result.resolution}\n`);
+}
+
+//#endregion
+//#region src/cli/commands/issue-accept.ts
+var issue_accept_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$5,
+	command: () => command$5,
+	describe: () => describe$5,
+	handler: () => handler$5
+});
+const command$5 = "issue-accept <issueKey>";
+const describe$5 = "Mark a Sonar issue as accepted (transition=accept)";
+function builder$5(yargs) {
+	return yargs.positional("issueKey", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide an issue key",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("comment", {
+		describe: "Optional acceptance comment",
+		type: "string"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$5(args) {
+	const result = await transitionIssue({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		comment: args.comment,
+		issueKey: args.issueKey,
+		transition: "accept"
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+		return;
+	}
+	process.stdout.write(`Accepted issue ${result.issueKey} (${result.transition})\n`);
+}
+
+//#endregion
+//#region src/cli/project-key.ts
+function resolveProjectKey(projectKey) {
+	if (projectKey?.trim()) return projectKey.trim();
+	const sonarPropsPath = join(getGitRoot(), "sonar-project.properties");
+	if (!existsSync(sonarPropsPath)) throw new Error(`Missing projectKey and no sonar-project.properties found at ${sonarPropsPath}. Provide --projectKey explicitly.`);
+	const key = readFileSync(sonarPropsPath, "utf8").match(/^\s*sonar\.projectKey\s*=\s*(.+)\s*$/m)?.[1]?.trim();
+	if (!key) throw new Error(`Could not read sonar.projectKey from ${sonarPropsPath}. Provide --projectKey explicitly.`);
+	return key;
+}
+function getGitRoot() {
+	try {
+		return execFileSync("git", ["rev-parse", "--show-toplevel"], {
+			encoding: "utf8",
+			stdio: [
+				"ignore",
+				"pipe",
+				"ignore"
+			]
+		}).trim();
+	} catch {
+		return process.cwd();
+	}
+}
+
+//#endregion
+//#region src/cli/commands/pr-coverage.ts
+var pr_coverage_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$4,
+	command: () => command$4,
+	describe: () => describe$4,
+	handler: () => handler$4
+});
+const command$4 = "pr-coverage <pullRequest> [projectKey]";
+const describe$4 = "List files with low new-code coverage for a pull request";
+function builder$4(yargs) {
+	return yargs.positional("projectKey", {
+		describe: "Sonar project key (optional; auto-detected from sonar-project.properties)",
+		type: "string"
+	}).positional("pullRequest", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a pull request key/id",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("projectKey", {
+		alias: ["project-key", "k"],
+		describe: "Sonar project key (overrides auto-detection)",
+		type: "string"
+	}).option("threshold", {
+		coerce: (value) => Math.max(0, Math.min(100, Number(value))),
+		default: 80,
+		describe: "Coverage threshold percentage",
+		type: "number"
+	}).option("includePassing", {
+		default: false,
+		describe: "Include files that meet threshold too",
+		type: "boolean"
+	}).option("maxFiles", {
+		alias: ["max", "limit"],
+		coerce: (value) => Math.max(1, Number(value)),
+		default: 20,
+		type: "number"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$4(args) {
+	const projectKey = resolveProjectKey(args.projectKey);
+	const report = await getPullRequestCoverage({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		includePassing: args.includePassing,
+		maxFiles: args.maxFiles,
+		projectKey,
+		pullRequest: args.pullRequest,
+		threshold: args.threshold
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+		return;
+	}
+	process.stdout.write(`Found ${report.files.length} file(s) below ${report.threshold.toFixed(1)}% new-code coverage\n`);
+	for (const file of report.files) process.stdout.write(`- ${file.file}: ${file.coverageOnNewCode.toFixed(1)}% (${file.uncoveredLines}/${file.linesToCover} uncovered lines)\n`);
+	process.stdout.write(`See analysis details: ${report.analysisUrl}\n`);
+}
+
+//#endregion
+//#region src/service/pr-hotspots.ts
+async function getPullRequestHotspots(clientOptions, input) {
+	const projectKey = input.projectKey.trim();
+	const pullRequest = input.pullRequest.trim();
+	const status = input.status ?? "TO_REVIEW";
+	const page = input.page ?? 1;
+	const pageSize = input.pageSize ?? 100;
+	if (!projectKey) throw new Error("Missing projectKey");
+	if (!pullRequest) throw new Error("Missing pullRequest");
+	const baseUrl = (clientOptions.baseUrl ?? "https://sonarcloud.io").replace(/\/$/, "");
+	const response = await new SonarCloudClient(clientOptions).getHotspots(projectKey, pullRequest, status, page, pageSize);
+	const componentMap = /* @__PURE__ */ new Map();
+	for (const component of response.components ?? []) componentMap.set(component.key, component.path ?? component.longName ?? component.key);
+	const hotspots = response.hotspots.map((hotspot) => ({
+		file: extractFilePath(hotspot.component, projectKey, componentMap),
+		key: hotspot.key,
+		line: hotspot.line,
+		message: hotspot.message,
+		resolution: hotspot.resolution,
+		securityCategory: hotspot.securityCategory,
+		status: hotspot.status,
+		vulnerabilityProbability: hotspot.vulnerabilityProbability
+	}));
+	return {
+		analysisUrl: `${baseUrl}/project/security_hotspots?id=${encodeURIComponent(projectKey)}&pullRequest=${encodeURIComponent(pullRequest)}`,
+		hotspots,
+		page: response.paging.pageIndex,
+		pageSize: response.paging.pageSize,
+		projectKey,
+		pullRequest,
+		total: response.paging.total
+	};
+}
+function extractFilePath(componentKey, projectKey, componentMap) {
+	const mappedPath = componentMap.get(componentKey);
+	if (mappedPath) return mappedPath;
+	const prefix = `${projectKey}:`;
+	if (componentKey.startsWith(prefix)) return componentKey.slice(prefix.length);
+	return componentKey;
+}
+
+//#endregion
+//#region src/cli/commands/pr-hotspots.ts
+var pr_hotspots_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$3,
+	command: () => command$3,
+	describe: () => describe$3,
+	handler: () => handler$3
+});
+const command$3 = "pr-hotspots <pullRequest> [projectKey]";
+const describe$3 = "Fetch security hotspots for a pull request";
+function builder$3(yargs) {
+	return yargs.positional("projectKey", {
+		describe: "Sonar project key (optional; auto-detected from sonar-project.properties)",
+		type: "string"
+	}).positional("pullRequest", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a pull request key/id",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("projectKey", {
+		alias: ["project-key", "k"],
+		describe: "Sonar project key (overrides auto-detection)",
+		type: "string"
+	}).option("status", {
+		alias: "s",
+		choices: ["TO_REVIEW", "REVIEWED"],
+		default: "TO_REVIEW",
+		describe: "Filter hotspots by status",
+		type: "string"
+	}).option("page", {
+		alias: "p",
+		coerce: (value) => Math.max(1, Number(value)),
+		default: 1,
+		type: "number"
+	}).option("pageSize", {
+		alias: ["ps", "page-size"],
+		coerce: (value) => Math.min(500, Math.max(1, Number(value))),
+		default: 100,
+		type: "number"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$3(args) {
+	const projectKey = resolveProjectKey(args.projectKey);
+	const result = await getPullRequestHotspots({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		page: args.page,
+		pageSize: args.pageSize,
+		projectKey,
+		pullRequest: args.pullRequest,
+		status: args.status
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+		return;
+	}
+	const statusLabel = args.status === "TO_REVIEW" ? "unreviewed" : "reviewed";
+	process.stdout.write(`Found ${result.total} ${statusLabel} security hotspot(s) for PR ${result.pullRequest} (${result.projectKey})\n`);
+	if (result.hotspots.length === 0) {
+		process.stdout.write(`\nSee analysis details: ${result.analysisUrl}\n`);
+		return;
+	}
+	process.stdout.write("\n");
+	for (const hotspot of result.hotspots) {
+		const location = hotspot.line ? `${hotspot.file}:${hotspot.line}` : hotspot.file;
+		const resolutionInfo = hotspot.resolution ? ` (${hotspot.resolution})` : "";
+		process.stdout.write(`[${hotspot.vulnerabilityProbability}] ${hotspot.key}\n  ${location}\n  ${hotspot.message}${resolutionInfo}\n\n`);
+	}
+	process.stdout.write(`See analysis details: ${result.analysisUrl}\n`);
+}
+
+//#endregion
+//#region src/cli/commands/pr-issues.ts
+var pr_issues_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$2,
+	command: () => command$2,
+	describe: () => describe$2,
+	handler: () => handler$2
+});
+const command$2 = "pr-issues <pullRequest> [projectKey]";
+const describe$2 = "Fetch SonarQube Cloud issue details for a pull request";
+function builder$2(yargs) {
+	return yargs.positional("projectKey", {
+		describe: "Sonar project key (optional; auto-detected from sonar-project.properties)",
+		type: "string"
+	}).positional("pullRequest", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a pull request key/id",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("projectKey", {
+		alias: ["project-key", "k"],
+		describe: "Sonar project key (overrides auto-detection)",
+		type: "string"
+	}).option("page", {
+		alias: "p",
+		coerce: (value) => Math.max(1, Number(value)),
+		default: 1,
+		type: "number"
+	}).option("pageSize", {
+		alias: ["ps", "page-size"],
+		coerce: (value) => Math.min(500, Math.max(1, Number(value))),
+		default: 100,
+		type: "number"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$2(args) {
+	const projectKey = resolveProjectKey(args.projectKey);
+	const report = await getPullRequestIssues({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		page: args.page,
+		pageSize: args.pageSize,
+		projectKey,
+		pullRequest: args.pullRequest
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+		return;
+	}
+	process.stdout.write(`Found ${report.total} open issue(s) in new code for PR ${report.pullRequest} (${report.projectKey})\n`);
+	if (report.issues.length === 0) {
+		process.stdout.write(`See analysis details: ${report.analysisUrl}\n`);
+		return;
+	}
+	for (const issue of report.issues) {
+		const location = issue.line ? `${issue.file}:${issue.line}` : issue.file;
+		process.stdout.write(`- [${issue.issueStatus}] ${issue.severity} ${issue.type} ${issue.rule} ${location} - ${issue.message}\n`);
+	}
+	process.stdout.write(`See analysis details: ${report.analysisUrl}\n`);
+}
+
+//#endregion
+//#region src/cli/commands/pr-report.ts
+var pr_report_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder$1,
+	command: () => command$1,
+	describe: () => describe$1,
+	handler: () => handler$1
+});
+const command$1 = "pr-report <pullRequest> [projectKey]";
+const describe$1 = "Fetch SonarQube Cloud details for a pull request";
+function builder$1(yargs) {
+	return yargs.positional("projectKey", {
+		describe: "Sonar project key (optional; auto-detected from sonar-project.properties)",
+		type: "string"
+	}).positional("pullRequest", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a pull request key/id",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("projectKey", {
+		alias: ["project-key", "k"],
+		describe: "Sonar project key (overrides auto-detection)",
+		type: "string"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler$1(args) {
+	const projectKey = resolveProjectKey(args.projectKey);
+	const report = await getPullRequestReport({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		projectKey,
+		pullRequest: args.pullRequest
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+		return;
+	}
+	const qualityGate = report.qualityGateStatus === "OK" ? "Quality Gate passed" : `Quality Gate failed (${report.qualityGateStatus})`;
+	process.stdout.write(`${qualityGate}\n\n`);
+	if (report.failingQualityGateConditions.length > 0) {
+		process.stdout.write("Quality Gate Conditions\n");
+		for (const condition of report.failingQualityGateConditions) {
+			const metric = formatMetricLabel(condition.metricKey);
+			const threshold = condition.errorThreshold ?? "n/a";
+			const actual = condition.actualValue ?? "n/a";
+			process.stdout.write(`- ${metric}: actual=${actual}, threshold=${condition.comparator} ${threshold}\n`);
+		}
+		process.stdout.write("\n");
+	}
+	process.stdout.write("Issues\n");
+	process.stdout.write(`- ${report.issueCounts.newIssues} New issues\n`);
+	process.stdout.write(`- ${report.issueCounts.acceptedIssues} Accepted issues\n\n`);
+	process.stdout.write("Measures\n");
+	process.stdout.write(`- ${report.measures.securityHotspots} Security Hotspots\n`);
+	process.stdout.write(`- ${report.measures.coverageOnNewCode.toFixed(1)}% Coverage on New Code\n`);
+	process.stdout.write(`- ${report.measures.duplicationOnNewCode.toFixed(1)}% Duplication on New Code\n\n`);
+	process.stdout.write(`See analysis details: ${report.analysisUrl}\n`);
+}
+function formatMetricLabel(metricKey) {
+	switch (metricKey) {
+		case "new_coverage": return "Coverage on New Code";
+		case "new_duplicated_lines_density": return "Duplication on New Code";
+		case "new_security_hotspots_reviewed": return "Security Hotspots Reviewed on New Code";
+		case "new_reliability_rating": return "Reliability Rating on New Code";
+		case "new_security_rating": return "Security Rating on New Code";
+		case "new_maintainability_rating": return "Maintainability Rating on New Code";
+		default: return metricKey;
+	}
+}
+
+//#endregion
+//#region src/cli/commands/pr-review.ts
+var pr_review_exports = /* @__PURE__ */ __exportAll({
+	builder: () => builder,
+	command: () => command,
+	describe: () => describe,
+	handler: () => handler
+});
+const command = "pr-review <pullRequest> [projectKey]";
+const describe = "Review Sonar pull request issues with code context snippets";
+function builder(yargs) {
+	return yargs.positional("projectKey", {
+		describe: "Sonar project key (optional; auto-detected from sonar-project.properties)",
+		type: "string"
+	}).positional("pullRequest", {
+		coerce: (value) => String(value).trim(),
+		demandOption: "Provide a pull request key/id",
+		type: "string"
+	}).option("token", {
+		default: process.env.SONAR_TOKEN,
+		defaultDescription: "SONAR_TOKEN",
+		demandOption: "Provide --token or set SONAR_TOKEN",
+		type: "string"
+	}).option("baseUrl", {
+		alias: ["base-url", "url"],
+		coerce: (value) => String(value).replace(/\/$/, ""),
+		default: process.env.SONAR_BASE_URL ?? "https://sonarcloud.io",
+		defaultDescription: "SONAR_BASE_URL or https://sonarcloud.io",
+		type: "string"
+	}).option("projectKey", {
+		alias: ["project-key", "k"],
+		describe: "Sonar project key (overrides auto-detection)",
+		type: "string"
+	}).option("contextLines", {
+		alias: ["context", "C"],
+		coerce: (value) => Math.max(0, Number(value)),
+		default: 3,
+		type: "number"
+	}).option("page", {
+		alias: "p",
+		coerce: (value) => Math.max(1, Number(value)),
+		default: 1,
+		type: "number"
+	}).option("pageSize", {
+		alias: ["ps", "page-size"],
+		coerce: (value) => Math.min(500, Math.max(1, Number(value))),
+		default: 20,
+		type: "number"
+	}).option("json", {
+		default: false,
+		describe: "Print raw JSON for automation/agents",
+		type: "boolean"
+	});
+}
+async function handler(args) {
+	const projectKey = resolveProjectKey(args.projectKey);
+	const report = await getPullRequestReview({
+		baseUrl: args.baseUrl,
+		token: args.token
+	}, {
+		contextLines: args.contextLines,
+		page: args.page,
+		pageSize: args.pageSize,
+		projectKey,
+		pullRequest: args.pullRequest
+	});
+	if (args.json) {
+		process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+		return;
+	}
+	process.stdout.write(`Found ${report.total} open issue(s) in new code for PR ${report.pullRequest} (${report.projectKey})\n\n`);
+	for (const issue of report.issues) {
+		const location = issue.line ? `${issue.file}:${issue.line}` : issue.file;
+		process.stdout.write(`[${issue.issueStatus}] ${issue.severity} ${issue.type} ${issue.rule} ${location}\n${issue.message}\n`);
+		process.stdout.write(`Issue URL: ${issue.issueUrl}\n`);
+		if (issue.snippet) {
+			process.stdout.write("Context:\n");
+			for (const line of issue.snippet.lines) {
+				const marker = line.highlight ? ">" : " ";
+				process.stdout.write(`${marker} ${line.line.toString().padStart(4, " ")} | ${line.text}\n`);
+			}
+		} else if (issue.sourceError) process.stdout.write(`Context unavailable: ${issue.sourceError}\n`);
+		process.stdout.write("\n");
+	}
+	process.stdout.write(`See analysis details: ${report.analysisUrl}\n`);
+}
+
+//#endregion
+//#region src/cli/index.ts
+async function run(argv = process.argv) {
+	await yargs(hideBin(argv)).scriptName("sonar-sweep").env("SONAR").command(hotspot_review_exports).command(issue_accept_exports).command(pr_coverage_exports).command(pr_hotspots_exports).command(pr_issues_exports).command(pr_report_exports).command(pr_review_exports).demandCommand(1, "Provide a command").strict().help().fail((message, error, yargsInstance) => {
+		if (error) {
+			process.stderr.write(`${error.message}\n`);
+			process.exit(1);
+		}
+		process.stderr.write(`${message}\n`);
+		yargsInstance.showHelp();
+		process.exit(1);
+	}).parseAsync();
+}
+
+//#endregion
+export { run as t };

package/dist/cli.d.mts

@@ -0,0 +1 @@
+export { };

package/dist/cli.mjs

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+import { t as run } from "./cli-BMrnoS5Q.mjs";
+
+//#region src/cli.ts
+try {
+	await run(process.argv);
+} catch (error) {
+	const message = error instanceof Error ? error.message : String(error);
+	process.stderr.write(`${message}\n`);
+	process.exit(1);
+}
+
+//#endregion
+export {  };