@jonathan0823/pi-sonarqube
v0.7.0
Published
SonarQube extension for Pi — run local analysis and browse issues.
Maintainers
Readme
pi-sonarqube
A Pi extension to run local SonarQube analysis and browse the resulting issues — all from within Pi.
Requirements
- Pi installed
- A running SonarQube server (e.g.
http://localhost:9000) sonar-scanneravailable in$PATH
Install
pi install npm:@jonathan0823/pi-sonarqubeOr add it to your settings.json:
{
"packages": ["npm:@jonathan0823/pi-sonarqube"]
}Then /reload in Pi.
Quick start
1. Init project config
Inside a project directory, run:
/sonarqube initFor monorepos, you can point at a path directly:
/sonarqube init apps/web
/sonarqube init apps/apiPi will ask you for:
- SonarQube server URL (prefilled with
http://localhost:9000) - Project key (default: derived from directory name)
- Token (optional, used when your server requires auth)
The config is saved to <project>/.pi/sonarqube.json.
2. Run analysis
/sonarqube analyze
/sonarqube analyze apps/web
/sonarqube analyze apps/apiPi will:
- Run
sonar-scanneragainst your server - Wait for the analysis to complete
- Fetch the latest issues
- Return a concise summary with issues and duplication metrics
3. Browse issues
/sonarqube issues
/sonarqube issues apps/webUse Up/Down to move, Enter to preview the affected source code, Esc to close, and type to search by file, rule, severity, status, or message.
Tip: Tab-complete /sonarqube subcommands and filters in the editor.
4. View project metrics
/sonarqube metrics
/sonarqube metrics apps/webShows coverage percentage, duplicated lines, and issue severity breakdown — no scanner needed.
5. Browse duplicated files
/sonarqube duplications
/sonarqube duplications apps/webUse Up/Down to move, Enter for block locations and line ranges, and type to search by file path or duplication stats. Pass a file number directly to skip the browser: /sonarqube duplications 1.
6. Open a specific issue
/sonarqube open 3
/sonarqube open apps/web 3Commands
| Command | Description |
| -------------------------------- | ----------------------------------------------- |
| /sonarqube init [path] | Set up project config for a path |
| /sonarqube analyze [target] | Run analysis and show issues + duplication metrics |
| /sonarqube issues [target] | Browse the latest analysis results for a target |
| /sonarqube metrics [target] | Show project metrics (coverage %, duplication %, issue counts, no scanner) |
| /sonarqube duplications [target] | Browse duplicated files and blocks with drill-down |
| /sonarqube open [target] <n> | Preview source at issue #n |
Tool (for the LLM)
The extension also registers a sonarqube tool that the LLM can call with actions:
analyze— run analysisissues— list issuesmetrics— show project-level coverage, duplication & issue countsduplications— list duplicated files and block detailsopen— open an issue with its index
The tool accepts optional issue filters (severities, statuses, types, rules, softwareQualities, impactSeverities) so the agent can fetch just the most relevant issues.
Filter families
SonarQube supports two filter families depending on the server mode:
- Standard Experience (legacy):
type(BUG, VULNERABILITY, CODE_SMELL) andseverity(BLOCKER, CRITICAL, MAJOR, MINOR, INFO) - MQR mode:
quality(MAINTAINABILITY, RELIABILITY, SECURITY) andimpactSeverity(BLOCKER, HIGH, MEDIUM, LOW, INFO)
Both families can be used from the /sonarqube issues command:
/sonarqube issues type:BUG
/sonarqube issues severity:CRITICAL status:OPEN
/sonarqube issues quality:RELIABILITY
/sonarqube issues quality:SECURITY impactSeverity:HIGHImportant: Legacy filters and MQR filters cannot be combined in the same query. If you mix them (e.g., type:BUG quality:SECURITY), you'll see an error telling you to pick one family.
The server mode is auto-detected via the api/v2/clean-code-policy/mode endpoint and cached per session.
Use paths directly.
Configuration sources (precedence order)
- Environment variables (highest)
SONARQUBE_URL/SONAR_HOST_URLSONARQUBE_TOKEN/SONAR_TOKENSONAR_PROJECT_KEY
- Project config —
.pi/sonarqube.json(set via/sonarqube init) - Scan properties —
sonar-project.properties - Defaults —
http://localhost:9000, project key from directory slug
Project structure
packages/pi-sonarqube/
├── src/
│ └── index.ts # Extension source + init command + config
├── dist/
│ ├── index.js # Compiled output
│ ├── index.d.ts # Type declarations
│ └── index.js.map # Source map
├── fixtures/
│ ├── issue-project/ # Test project with known issues
│ └── clean-project/ # Test project with no issues
├── README.md
├── LICENSE
├── package.json
└── tsconfig.jsonContributing
See CONTRIBUTING.md.
License
MIT
