Skip to content

MCP-284 Make anonymous requests for plugins download for SQC #207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nquinquenel wants to merge 1 commit into
base: master
Choose a base branch
from
Open

MCP-284 Make anonymous requests for plugins download for SQC #207

nquinquenel wants to merge 1 commit into from
+63 −24

Conversation

@nquinquenel
Copy link
Member

@nquinquenel nquinquenel commented Feb 11, 2026

No description provided.

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Feb 11, 2026
edited by atlassian bot
Loading

MCP-284

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 11, 2026

SonarQube reviewer guide

Review in SonarQube

Summary: Make SonarQube token optional in HTTP mode for SonarQube Cloud, since plugin and version check endpoints don't require authentication.

Review Focus:

  • Token validation logic in McpServerLaunchConfiguration - ensures token is only required for stdio mode or SonarQube Server, not for SonarQube Cloud HTTP mode
  • PluginsApi changes - uses anonymous HTTP calls on SonarQube Cloud vs authenticated calls on Server
  • HttpClientAdapter constructor consolidation - unifies token and bridge client handling into single constructor
  • Null safety annotations (@Nullable) added to token-related methods

Start review at: McpServerLaunchConfiguration.java. This file contains the core validation logic that determines when a token is required. Understanding the new token optionality rules here is essential before reviewing how this affects downstream HTTP client creation and API calls.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
83.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nquinquenel nquinquenel marked this pull request as ready for review February 12, 2026 09:44
sophio-japharidze-sonarsource
sophio-japharidze-sonarsource reviewed Feb 12, 2026
View reviewed changes
src/main/java/org/sonarsource/sonarqube/mcp/serverapi/ServerApi.java

public PluginsApi pluginsApi() {
return new PluginsApi(helper);
return new PluginsApi(helper, isSonarCloud);
Copy link
Contributor

@sophio-japharidze-sonarsource sophio-japharidze-sonarsource Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like it would be easier if isSonarCloud() was part of ServerApiHelper class. It would also make PluginsApi changes easier. No strong opinion though.

sophio-japharidze-sonarsource
sophio-japharidze-sonarsource approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@sophio-japharidze-sonarsource sophio-japharidze-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sophio-japharidze-sonarsource sophio-japharidze-sonarsource sophio-japharidze-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nquinquenel @sophio-japharidze-sonarsource