CLI-77 Auto-install sonar-secrets during sonar integrate claude by kirill-knize-sonarsource · Pull Request #114 · SonarSource/sonarqube-cli

kirill-knize-sonarsource · 2026-03-17T14:02:33Z

No description provided.

sonar-review-alpha · 2026-03-17T14:02:38Z

Summary

Removes the standalone sonar install secrets command and automatically installs sonar-secrets during sonar integrate claude. This simplifies the integration flow by making the tool installation an implicit part of the setup process rather than requiring a separate manual step.

What reviewers should know

Review focus: The core change is in src/cli/commands/integrate/claude/index.ts where performSecretInstall() is now called early in the integration workflow. The InstallSecretsOptions type and installSecrets() function still exist (in src/cli/commands/install/secrets.ts) but are no longer exposed as a CLI command—they're now only used internally. Tests have been updated to reflect this: the standalone install tests are deleted, and existing integrate tests now mock the binary as pre-installed. Two new test cases verify the auto-install behavior (downloads when missing, skips when already present). The imports in command-tree.ts have been simplified accordingly.

Generate Walkthrough
Generate Diagram

🗣️ Give feedback

hashicorp-vault-sonar-prod · 2026-03-17T14:02:49Z

CLI-77

sonar-review-alpha

Conclusion: Two real bugs introduced by the call to performSecretInstall in the integrate flow: an unhandled failure path that can block the entire integration, and a stale user-facing message that references a command that no longer exists.

🗣️ Give feedback

src/cli/commands/integrate/claude/index.ts

sonar-review-alpha

Conclusion

The auto-install idea is solid, but there are two bugs that need fixing before merge: a misleading phase label and several stale error messages pointing users to a command that no longer exists.

SonarCloud recommendations

None.

SonarCloud false positives

None.

🗣️ Give feedback

src/cli/commands/integrate/claude/index.ts

src/cli/commands/install/secrets.ts

sonar-review-alpha

Conclusion

Three of the four previously flagged issues are now resolved, but the stale sonar install secrets references remain unfixed across both install/secrets.ts and analyze/secrets.ts.

🗣️ Give feedback

sonarqubecloud · 2026-03-19T18:14:03Z

SonarQube reviewer guide

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
95.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonar-review-alpha

LGTM! ✅

🗣️ Give feedback

sonar-review-alpha bot reviewed Mar 17, 2026

View reviewed changes

src/cli/commands/integrate/claude/index.ts Outdated Show resolved Hide resolved

src/cli/commands/integrate/claude/index.ts Outdated Show resolved Hide resolved

kirill-knize-sonarsource force-pushed the feature/kk/CLI-77-auto-install-secrets-on-integrate branch from 1542544 to e376d65 Compare March 19, 2026 16:42

sonar-review-alpha bot reviewed Mar 19, 2026

View reviewed changes

src/cli/commands/integrate/claude/index.ts Outdated Show resolved Hide resolved

src/cli/commands/install/secrets.ts Show resolved Hide resolved

CLI-77 Auto-install sonar-secrets during sonar integrate claude

8cdf293

kirill-knize-sonarsource force-pushed the feature/kk/CLI-77-auto-install-secrets-on-integrate branch from fe34f23 to 8cdf293 Compare March 19, 2026 17:56

sonar-review-alpha bot reviewed Mar 19, 2026

View reviewed changes

remove install secrets references

b1b6f95

sonar-review-alpha bot reviewed Mar 19, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CLI-77 Auto-install sonar-secrets during sonar integrate claude#114

CLI-77 Auto-install sonar-secrets during sonar integrate claude#114
kirill-knize-sonarsource wants to merge 2 commits intomasterfrom
feature/kk/CLI-77-auto-install-secrets-on-integrate

kirill-knize-sonarsource commented Mar 17, 2026

Uh oh!

sonar-review-alpha bot commented Mar 17, 2026 •

edited

Loading

Uh oh!

hashicorp-vault-sonar-prod bot commented Mar 17, 2026 •

edited by atlassian bot

Loading

Uh oh!

sonar-review-alpha bot left a comment

Uh oh!

Uh oh!

Uh oh!

sonar-review-alpha bot left a comment

Uh oh!

Uh oh!

Uh oh!

sonar-review-alpha bot left a comment

Uh oh!

sonarqubecloud bot commented Mar 19, 2026

Uh oh!

sonar-review-alpha bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

kirill-knize-sonarsource commented Mar 17, 2026

Uh oh!

sonar-review-alpha bot commented Mar 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

What reviewers should know

Uh oh!

hashicorp-vault-sonar-prod bot commented Mar 17, 2026 • edited by atlassian bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

Uh oh!

sonarqubecloud bot commented Mar 19, 2026

SonarQube reviewer guide

Quality Gate passed

Uh oh!

sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

sonar-review-alpha bot commented Mar 17, 2026 •

edited

Loading

hashicorp-vault-sonar-prod bot commented Mar 17, 2026 •

edited by atlassian bot

Loading