pi-sonar

SonarQube integration for pi coding agent — tools, skills, and workflows for finding and fixing sonar issues

Package details

← Back

extensionskill

Install pi-sonar from npm and Pi will load the resources declared by the package manifest.

npm report

$ pi install npm:pi-sonar

Package: pi-sonar
Version: 0.1.0
Published: Apr 17, 2026
Downloads: 115/mo · 4/wk
Author: dxvapor
License: MIT
Types: extension, skill
Size: 30.5 KB
Dependencies: 0 dependencies · 0 peers

Pi manifest JSON

{
  "extensions": [
    "./extensions"
  ],
  "skills": [
    "./skills"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

pi-sonar

SonarQube integration for pi coding agent. Gives AI tools to find and fix sonar issues, with /sonar command for common workflows.

What it adds

Tools (for AI)

Tool	What it does
`sonar_list_issues`	List project issues — filter by severity, branch, or PR
`sonar_verify_file`	Check a specific file after editing
`sonar_analyze_secrets`	Scan for hardcoded secrets

Skill

sonar-cli — loaded automatically when you ask about sonar issues. Teaches AI the full CLI reference and fix workflows.

Command

/sonar — manual trigger for common workflows:

/sonar status              — show detected sonar config
/sonar list                — list all open issues
/sonar list CRITICAL       — filter by severity
/sonar fix                 — fix all open issues (AI-driven)
/sonar pr <id>             — issues introduced by a PR
/sonar branch <name>       — issues on a branch
/sonar secrets             — scan for hardcoded secrets

Install

# Global install
pi install git:github.com/yourusername/pi-sonar

# Project-local
pi install -l git:github.com/yourusername/pi-sonar

Or during development (from this directory):

pi install ./

Project Configuration

The extension auto-detects your sonar project from:

sonar-project.properties — reads sonar.projectKey, sonar.host.url, sonar.organization
.sonarcloud.properties — reads sonar.projectKey, sonar.organization

If neither exists, pass the project parameter directly to the tools, or create one:

# sonar-project.properties
sonar.projectKey=my-project-key
sonar.host.url=https://my-sonarqube.io   # omit for SonarQube Cloud
sonar.organization=my-org-key             # required for SonarQube Cloud

Authentication

Authenticate once with the sonar CLI:

# SonarQube Cloud
sonar auth login -o my-org

# Self-hosted
sonar auth login -s https://my-sonarqube.io --with-token squ_abc123

Check status:

sonar auth status

Requirements

sonar CLI installed — see SonarQube CLI docs
Authenticated via sonar auth login

Typical Workflows

Before a commit

/sonar secrets          → scan for secrets
/sonar list             → check for new issues

During a PR review

/sonar pr 42            → see issues introduced by PR #42
                        → AI offers to fix them

Fix everything

/sonar fix              → AI lists all issues, fixes each file, verifies each fix

Natural language

Just ask pi directly — the skill auto-loads:

"Fix all the sonar issues on this branch"
"Are there any critical sonar issues in this project?"
"Check if src/auth.ts has sonar issues after I just edited it"