BOTOOM · BOTOOM · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
@@ -0,0 +1,44 @@
+---
+description: SonarQube MCP Server usage guidelines
+globs:
+alwaysApply: true
+---
+
+These are some guidelines when using the SonarQube MCP server.
+
+# Important Tool Guidelines
+
+## Basic usage
+- **IMPORTANT**: After you finish generating or modifying any code files at the very end of the task, you MUST call the `analyze_file_list` tool (if it exists) to analyze the files you created or modified.
+- **IMPORTANT**: When starting a new task, you MUST disable automatic analysis with the `toggle_automatic_analysis` tool if it exists.
+- **IMPORTANT**: When you are done generating code at the very end of the task, you MUST re-enable automatic analysis with the `toggle_automatic_analysis` tool if it exists.
+
+## Project Keys
+- When a user mentions a project key, use `search_my_sonarqube_projects` first to find the exact project key
+- Don't guess project keys - always look them up
+
+## Code Language Detection
+- When analyzing code snippets, try to detect the programming language from the code syntax
+- If unclear, ask the user or make an educated guess based on syntax
+
+## Branch and Pull Request Context
+- Many operations support branch-specific analysis
+- If user mentions working on a feature branch, include the branch parameter
+
+## Code Issues and Violations
+- After fixing issues, do not attempt to verify them using `search_sonar_issues_in_projects`, as the server will not yet reflect the updates
+
+# Common Troubleshooting
+
+## Authentication Issues
+- SonarQube requires USER tokens (not project tokens)
+- When the error `SonarQube answered with Not authorized` occurs, verify the token type
+
+## Project Not Found
+- Use `search_my_sonarqube_projects` to find available projects
+- Verify project key spelling and format
+
+## Code Analysis Issues
+- Ensure programming language is correctly specified
+- Remind users that snippet analysis doesn't replace full project scans
+- Provide full file content for better analysis results
@@ -50,7 +50,8 @@
   },
   "dependencies": {
     "@fastify/cors": "^10.0.2",
-    "@github/copilot-sdk": "^0.1.28",
+    "@github/copilot": "^1.0.7",
+    "@github/copilot-sdk": "^0.1.32",
     "better-sqlite3": "^11.7.0",
     "drizzle-orm": "^0.38.4",
     "fastify": "^5.8.1",

@@ -0,0 +1,3 @@
+export const banner = {
+  js: "import { createRequire as __createRequire } from 'module';\nconst require = __createRequire(import.meta.url);"
+};
@@ -0,0 +1,3 @@
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+globalThis.require = require;
@@ -8,6 +8,7 @@ export default defineConfig({
   format: ['esm'],
   target: 'node20',
   platform: 'node',
+  shims: true,
   sourcemap: true,
   clean: true,
   splitting: true,
@@ -19,7 +20,8 @@ export default defineConfig({
     'sharp',
   ],
   banner: {
-    // shebang for CLI entry point is added via esbuild plugin below
+    // Inject a require polyfill for bundled CJS modules that use require('util') etc.
+    js: `import { createRequire as __createRequire } from 'module';\nif (typeof require === 'undefined') { globalThis.require = __createRequire(import.meta.url); }`,
   },
   esbuildPlugins: [
     {