SonarQube

Analyzes code snippets directly within the agent context using SonarLint's embedded RPC engine, without requiring a SonarQube server roundtrip. The BackendService orchestrates communication with SonarLint's analysis daemon, caching analyzer plugins locally via the sqplugins dependency configuration and storing results in a configurable STORAGE_PATH directory. This enables synchronous, low-latency code quality checks for inline development workflows.

Fetches code quality issues from a remote SonarQube instance (Cloud or Server) via HTTP REST API, with filtering by project, branch, severity, type, and status. The ServerApi layer handles token-based authentication and pagination, returning structured issue metadata including rule descriptions, effort estimates, and assignee information. Supports both organization-scoped queries (Cloud) and server-wide queries (Server), enabling agents to surface relevant issues in development context.

Implements comprehensive error handling for both local (SonarLint RPC) and remote (SonarQube API) failures, with structured logging of RPC calls and responses. The system catches exceptions from both backends and translates them into MCP-compatible error responses, logging diagnostic information for troubleshooting. Error responses include error codes and messages that help clients understand failure reasons (authentication, network, validation, etc.).

Uses Gradle build system (build.gradle.kts) to manage dependencies, compile Java source, run tests, and package the application as a fat JAR with all dependencies included. The build system defines sqplugins configuration for analyzer dependencies, test framework setup (JUnit), and CI/CD integration points. Build outputs include executable JAR and Docker image artifacts ready for deployment.

Queries SonarQube instance to retrieve project metadata including key, name, visibility, last analysis date, and available branches. The ServerApi layer fetches this data via REST endpoints and caches results to minimize API calls. Enables agents to discover projects within an organization and select appropriate analysis targets without manual configuration.

Retrieves and evaluates quality gate status for a project/branch from SonarQube, returning pass/fail status and detailed condition results (coverage thresholds, duplication limits, etc.). The ServerApi queries the quality gates endpoint and parses condition metrics, enabling agents to make go/no-go decisions for deployments or code reviews based on predefined quality criteria.

Registers all analysis and API tools as MCP-compliant tool definitions with schema validation, and executes tool calls via the SonarQubeMcpServer's tool dispatcher. The system uses the MCP Tool interface to expose tools with JSON schema input validation, enabling AI clients (Claude, other LLMs) to discover and invoke tools with type-safe parameters. Tool execution is routed to either BackendService (local analysis) or ServerApi (remote queries) based on tool type.

Orchestrates analysis requests across two distinct backends: BackendService for local SonarLint analysis and ServerApi for remote SonarQube queries. The SonarQubeMcpServer class routes tool calls based on analysis type (snippet vs project-wide), managing separate authentication, caching, and error handling for each backend. This architecture enables seamless switching between local and remote analysis without client-side logic.

Supports deployment via Docker containers and standalone JAR execution, with environment variable and system property configuration for both modes. The build system (Gradle) generates a fat JAR with all dependencies included, and Docker configuration enables stateless container deployment with volume mounts for STORAGE_PATH. Both deployment modes use identical configuration mechanisms, enabling consistent behavior across environments.

Manages SonarQube authentication via token-based credentials stored in SONARQUBE_TOKEN environment variable. The ServerApi layer includes the token in HTTP Authorization headers for all remote API calls, supporting both SonarQube Cloud and Server instances. Token validation is implicit — invalid tokens result in 401/403 API responses that are propagated to clients.

Manages SonarLint analyzer plugins via Gradle's sqplugins dependency configuration, automatically downloading and caching language-specific analyzers (Java, Python, JavaScript, etc.) in the STORAGE_PATH directory. The BackendService initializes the SonarLint RPC daemon with configured plugins, enabling multi-language analysis without manual plugin installation. Plugin versions are pinned in build.gradle.kts and updated via dependency management.

Implements Model Context Protocol communication via standard input/output streams using StdioServerTransportProvider, enabling MCP clients to communicate with the server through stdin/stdout without requiring network sockets. The transport layer handles JSON-RPC message serialization/deserialization and bidirectional communication, making the server compatible with any MCP client that supports stdio transport.