Skip to content

CLI-131 fix: Apply 1 SonarQube suggestion#92

Open
sonarqube-agent[bot] wants to merge 7 commits intomasterfrom
sonarqube-suggestions/23281-1773163517
Open

CLI-131 fix: Apply 1 SonarQube suggestion#92
sonarqube-agent[bot] wants to merge 7 commits intomasterfrom
sonarqube-suggestions/23281-1773163517

Conversation

@sonarqube-agent
Copy link

@sonarqube-agent sonarqube-agent bot commented Mar 10, 2026

This PR includes automated code changes to address 1 SonarQube issues: MAJOR (1).

View Project in SonarCloud

Fixed Issues

typescript:S107 - Async function 'runFinalVerification' has too many parameters (8). Maximum allowed is 7. • MAJORView issue

Location: src/cli/commands/integrate/claude/index.ts:439

Why is this an issue?

Why is this an issue?

Functions with a long parameter list are difficult to use because maintainers must figure out the role of each parameter and keep track of their position.

View this code on SonarQube Cloud

The solution can be to:

  • Split the function into smaller ones 
View this code on SonarQube Cloud
  • Find a better data structure for the parameters that group data in a way that makes sense for the specific application domain 
View this code on SonarQube Cloud

This rule raises an issue when a function has more parameters than the provided threshold.

Exceptions

The rule ignores TypeScript parameter properties when counting parameters:

View this code on SonarQube Cloud

The rule also ignores Angular component constructors:

View this code on SonarQube Cloud

Resources

Documentation

What changed

Defines the FinalVerificationParams interface that groups all 8 parameters of runFinalVerification into a single object type. This provides the data structure needed to refactor the function signature from 8 individual parameters down to one, resolving the 'too many parameters' code smell.

Directly fixes the 'too many parameters' issue by replacing the 8 individual parameters of runFinalVerification with a single params: FinalVerificationParams object parameter. The parameters are then destructured inside the function body, preserving the same internal logic while reducing the parameter count from 8 to 1.

Updates the first call site of runFinalVerification to pass an object literal (opening {) instead of positional arguments, matching the new single-parameter signature that fixes the 'too many parameters' issue.

At the first call site, converts the positional argument projectInfo.root to the named property projectRoot: projectInfo.root within the object literal, since the parameter name differs from the expression being passed. This is required for the refactored function signature.

Closes the object literal at the first call site by changing ); to });, completing the conversion from positional arguments to a single object parameter.

Updates the second call site of runFinalVerification to pass an object literal (opening {) instead of positional arguments, matching the new single-parameter signature that fixes the 'too many parameters' issue.

At the second call site, converts the positional argument projectInfo.root to the named property projectRoot: projectInfo.root within the object literal, since the parameter name differs from the expression being passed. This is required for the refactored function signature.

Closes the object literal at the second call site by changing ); to });, completing the conversion from positional arguments to a single object parameter.

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -435,0 +436,11 @@ function printFinalVerificationResults(
+interface FinalVerificationParams {
+  serverURL: string;
+  token: string;
+  projectKey: string | undefined;
+  hooksRoot: string;
+  config: ConfigurationData;
+  projectRoot: string;
+  isGlobal: boolean;
+  a3sEnabled: boolean;
+}
+

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -439,10 +450,4 @@ function printFinalVerificationResults(
-async function runFinalVerification(
-  serverURL: string,
-  token: string,
-  projectKey: string | undefined,
-  hooksRoot: string,
-  config: ConfigurationData,
-  projectRoot: string,
-  isGlobal: boolean,
-  a3sEnabled: boolean,
-): Promise<void> {
+async function runFinalVerification(params: FinalVerificationParams): Promise<void> {
+  const { serverURL, token, projectKey, hooksRoot, config, projectRoot, isGlobal, a3sEnabled } =
+    params;
+

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -511,1 +516,1 @@ async function runFullSonarIntegration(
-      await runFinalVerification(
+      await runFinalVerification({

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -517,1 +522,1 @@ async function runFullSonarIntegration(
-        projectInfo.root,
+        projectRoot: projectInfo.root,

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -520,1 +525,1 @@ async function runFullSonarIntegration(
-      );
+      });

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -548,1 +553,1 @@ async function runFullSonarIntegration(
-  await runFinalVerification(
+  await runFinalVerification({

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -554,1 +559,1 @@ async function runFullSonarIntegration(
-    projectInfo.root,
+    projectRoot: projectInfo.root,

--- a/src/cli/commands/integrate/claude/index.ts
+++ b/src/cli/commands/integrate/claude/index.ts
@@ -557,1 +562,1 @@ async function runFullSonarIntegration(
-  );
+  });

SonarQube Remediation Agent uses AI. Check for mistakes.

DISCLAIMER: Remediation Agent will not be triggered again on this (self authored) PR

kirill-knize-sonarsource and others added 7 commits March 10, 2026 16:42
@kirill-knize-sonarsource
CLI-103 Hooks call full analysis pipeline: migration, state registry,…
1f6e21a 
… integrate update

- Add agentExtensions registry to CliState with upsertAgentExtension and
  findExtensionsByProject helpers; migrate existing state files on load
- Add migration system that rewrites legacy hook configs to the full
  analysis pipeline (secrets + A3S); invoked from integrate command
- Update hook templates and hooks installer to support the full pipeline
- Update integrate claude to run migrations and register the sonar-a3s
  PostToolUse extension in the agentExtensions registry
@kirill-knize-sonarsource
CLI-59 Add analyze file and analyze a3s commands with A3S API integra…
0924ea1 
…tion

- Add analyzeFile API method to SonarQubeClient (SonarQube Cloud only,
  calls api.sonarcloud.io/a3s-analysis/analyses); add SONAR_CLI_SONARCLOUD_API_URL
  env var override for test environments
- Add connectionType field to ResolvedAuth so callers can determine
  cloud vs on-premise without a second loadState() call
- Add analyze a3s subcommand for standalone A3S analysis on a single file
- Add analyze <file> full pipeline command: secrets scan → A3S analysis;
  secrets detection short-circuits A3S to avoid false positives
- Fix: omit branchName from request when not provided (null caused 400)
- Fix: return "--file is required" error when --file flag is missing
- Add unit tests (analyze-a3s) and integration tests with fake server;
  extend test harness with withA3sExtension, A3S endpoint, macOS
  symlink normalization (realpathSync), and SONAR_CLI_SONARCLOUD_API_URL injection
@kirill-knize-sonarsource
CLI-103 Refactor hooks: bash-only scripts, per-hook installHook primi…
448ffdd 
…tive

- Replace python3 JSON parsing in bash hooks with grep/cut (no external runtimes)
- Extract installHook() as atomic primitive with per-hook installDir and scope
- Per-hook scope ('global'|'project') replaces single isGlobal flag across all hooks
- A3S hook always installs to projectRoot; secrets hooks follow globalDir when set
- Rename installSecretScanningHooks → installHooks across all call sites
- Derive upsert marker from scriptPath first segment; unify scriptSubdir+scriptName → scriptPath
- Update and fix tests to reflect new routing behavior
@kirill-knize-sonarsource
rebase
3e0cd06
@kirill-knize-sonarsource
A3S entitlement check
5259d65
@kirill-knize-sonarsource
fix test
0e8e829
@sonarqube-agent
fix: Commit 1 - Fully fix typescript:S107
4bc2425 
Commit 1 of SonarQube suggestions

Fully fixed issues:
- [typescript:S107] AZzYxV7OXN7jUgP8c5rJ: Async function 'runFinalVerification' has too many parameters (8). Maximum allowed is 7.

Generated by SonarQube Agent
@sonarqube-agent sonarqube-agent bot mentioned this pull request Mar 10, 2026
Merged
@hashicorp-vault-sonar-prod hashicorp-vault-sonar-prod bot changed the title fix: Apply 1 SonarQube suggestion CLI-131 fix: Apply 1 SonarQube suggestion Mar 10, 2026
@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Mar 10, 2026
edited by atlassian bot
Loading

CLI-131

@kirill-knize-sonarsource kirill-knize-sonarsource force-pushed the feature/kk/CLI-98-A3S-Claude-Code-integration branch 6 times, most recently from 9140621 to ee3a753 Compare March 11, 2026 18:45
Base automatically changed from feature/kk/CLI-98-A3S-Claude-Code-integration to master March 12, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kirill-knize-sonarsource kirill-knize-sonarsource Awaiting requested review from kirill-knize-sonarsource

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

failed-qg-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kirill-knize-sonarsource