CLI-52 Fix typos in help and error messages

[kirill-knize-sonarsource]

• Fix wrong command hints: 'sonar secret install' → 'sonar install secrets'
• Fix wrong command hints: 'sonar secret status' → 'sonar install secrets --status'
• Fix auth error message: replace env var instructions with 'sonar auth login'
• Fix 'Press any key' prompt: rename to pressEnterKeyPrompt, implement raw stdin so only Enter advances and all other keys are silently consumed
• Fix misleading 404 error: map HTTP 403/404 to 'Access denied' message (SonarQube servers return 404 in place of 403 for auth failures)

[sonarqube-agent]

Remediation Agent Summary 📊

🤖 To review: Fixes are ready for 5 of 5 issues found.

💪 Save time: Applying these fixes could save you an estimated 25 minutes.

Suggested fixes (5)

Quality	Issue	Status
Maintainability 🟠 Medium	No magic number: 403. Why is this an issue? 🛠️ Suggested Fix [1] Defines named constants HTTP_FORBIDDEN = 403 and HTTP_NOT_FOUND = 404 at the top of the file. These constant assignments provide meaningful names for the HTTP status codes, enabling the replacement of the inline magic numbers. Since these are variable assignments, they are excluded from the magic number rule. This indirectly supports fixing the magic number 403 warning and the magic number 404 warning by providing the named constants that will be used in their place. 🛠️ Suggested Fix [2] Directly fixes the magic number warnings by replacing the hard-coded numeric literal 403 with the named constant HTTP_FORBIDDEN and replacing the hard-coded numeric literal 404 with the named constant HTTP_NOT_FOUND in the response status check. This resolves the 'No magic number: 403' code smell and the 'No magic number: 404' code smell that were both reported on line 61 of client.ts, making the code more readable and maintainable. View this issue in SonarQube Cloud	Fix 1
Maintainability 🟠 Medium	No magic number: 404. Why is this an issue? 🛠️ Suggested Fix [1] Defines named constants HTTP_FORBIDDEN = 403 and HTTP_NOT_FOUND = 404 at the top of the file. These constant assignments provide meaningful names for the HTTP status codes, enabling the replacement of the inline magic numbers. Since these are variable assignments, they are excluded from the magic number rule. This indirectly supports fixing the magic number 403 warning and the magic number 404 warning by providing the named constants that will be used in their place. 🛠️ Suggested Fix [2] Directly fixes the magic number warnings by replacing the hard-coded numeric literal 403 with the named constant HTTP_FORBIDDEN and replacing the hard-coded numeric literal 404 with the named constant HTTP_NOT_FOUND in the response status check. This resolves the 'No magic number: 403' code smell and the 'No magic number: 404' code smell that were both reported on line 61 of client.ts, making the code more readable and maintainable. View this issue in SonarQube Cloud	Fix 2
Maintainability 🟠 Medium	No magic number: 0x03. Why is this an issue? 🛠️ Suggested Fix [1] Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings. 🛠️ Suggested Fix [2] Replaces the magic number 0x03 (the Ctrl+C byte value) with the named constant CTRL_C_BYTE, eliminating the hard-coded numerical value that lacked context and triggered the magic number warning for 0x03 in the key-press check. View this issue in SonarQube Cloud	Fix 3
Maintainability 🟠 Medium	No magic number: 130. Why is this an issue? 🛠️ Suggested Fix [1] Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings. 🛠️ Suggested Fix [2] Replaces the magic number 130 (the conventional exit code for Ctrl+C termination) with the named constant CTRL_C_EXIT_CODE, eliminating the hard-coded numerical value that lacked context and triggered the magic number warning for 130 in the process.exit() call. View this issue in SonarQube Cloud	Fix 4
Maintainability 🟠 Medium	No magic number: 0x0d. Why is this an issue? 🛠️ Suggested Fix [1] Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings. 🛠️ Suggested Fix [2] Replaces the magic numbers 0x0d (carriage return) and 0x0a (line feed) with the named constants CR_BYTE and LF_BYTE, eliminating the hard-coded numerical values that lacked context and triggered the magic number warning for 0x0d in the newline byte comparison. View this issue in SonarQube Cloud	Fix 5

Note

Help us improve the Agent!
Have a suggestion or found an issue? Share your feedback here.

[sonarqube-agent]

Agent Fix (Issue 1 of 5)

Quality	Issue
Maintainability 🟠 Medium	No magic number: 403.

Location 1: src/sonarqube/client.ts:28-29

--- a/src/sonarqube/client.ts
+++ b/src/sonarqube/client.ts
@@ -27,0 +28,2 @@ const POST_REQUEST_TIMEOUT_MS = 60000; // 60 seconds for analysis
+const HTTP_FORBIDDEN = 403;
+const HTTP_NOT_FOUND = 404;

View suggestion details

Explanation 1:

Defines named constants HTTP_FORBIDDEN = 403 and HTTP_NOT_FOUND = 404 at the top of the file. These constant assignments provide meaningful names for the HTTP status codes, enabling the replacement of the inline magic numbers. Since these are variable assignments, they are excluded from the magic number rule. This indirectly supports fixing the magic number 403 warning and the magic number 404 warning by providing the named constants that will be used in their place.

---

Show 1 other location

Location 2: src/sonarqube/client.ts:61-63

--- a/src/sonarqube/client.ts
+++ b/src/sonarqube/client.ts
@@ -61,1 +63,1 @@ export class SonarQubeClient {
-      if (response.status === 403 || response.status === 404) {
+      if (response.status === HTTP_FORBIDDEN || response.status === HTTP_NOT_FOUND) {

View suggestion details

Explanation 2:

Directly fixes the magic number warnings by replacing the hard-coded numeric literal 403 with the named constant HTTP_FORBIDDEN and replacing the hard-coded numeric literal 404 with the named constant HTTP_NOT_FOUND in the response status check. This resolves the 'No magic number: 403' code smell and the 'No magic number: 404' code smell that were both reported on line 61 of client.ts, making the code more readable and maintainable.

---

Review

• Select fix
  Select one or more fixes above to enable this action.

---

🔒 Commit changes (0 of 5 selected)
Select this to commit all previously selected fixes. If it takes longer than a few seconds, try refreshing the page.

Go back to Summary ⬆️

---

Did this fix help?

👍

👎

[sonarqube-agent]

Agent Fix (Issue 2 of 5)

Quality	Issue
Maintainability 🟠 Medium	No magic number: 404.

Location 1: src/sonarqube/client.ts:28-29

--- a/src/sonarqube/client.ts
+++ b/src/sonarqube/client.ts
@@ -27,0 +28,2 @@ const POST_REQUEST_TIMEOUT_MS = 60000; // 60 seconds for analysis
+const HTTP_FORBIDDEN = 403;
+const HTTP_NOT_FOUND = 404;

View suggestion details

Explanation 1:

Defines named constants HTTP_FORBIDDEN = 403 and HTTP_NOT_FOUND = 404 at the top of the file. These constant assignments provide meaningful names for the HTTP status codes, enabling the replacement of the inline magic numbers. Since these are variable assignments, they are excluded from the magic number rule. This indirectly supports fixing the magic number 403 warning and the magic number 404 warning by providing the named constants that will be used in their place.

---

Show 1 other location

Location 2: src/sonarqube/client.ts:61-63

--- a/src/sonarqube/client.ts
+++ b/src/sonarqube/client.ts
@@ -61,1 +63,1 @@ export class SonarQubeClient {
-      if (response.status === 403 || response.status === 404) {
+      if (response.status === HTTP_FORBIDDEN || response.status === HTTP_NOT_FOUND) {

View suggestion details

Explanation 2:

Directly fixes the magic number warnings by replacing the hard-coded numeric literal 403 with the named constant HTTP_FORBIDDEN and replacing the hard-coded numeric literal 404 with the named constant HTTP_NOT_FOUND in the response status check. This resolves the 'No magic number: 403' code smell and the 'No magic number: 404' code smell that were both reported on line 61 of client.ts, making the code more readable and maintainable.

---

Review

• Select fix
  Select one or more fixes above to enable this action.

---

🔒 Commit changes (0 of 5 selected)
Select this to commit all previously selected fixes. If it takes longer than a few seconds, try refreshing the page.

Go back to Summary ⬆️

---

Did this fix help?

👍

👎

[sonarqube-agent]

Agent Fix (Issue 3 of 5)

Quality	Issue
Maintainability 🟠 Medium	No magic number: 0x03.

Location 1: src/ui/components/prompts.ts:78-82

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -77,0 +78,5 @@ export async function confirmPrompt(message: string): Promise<boolean | null> {
+const CTRL_C_BYTE = 0x03;
+const CR_BYTE = 0x0d;
+const LF_BYTE = 0x0a;
+const CTRL_C_EXIT_CODE = 130;
+

View suggestion details

Explanation 1:

Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings.

---

Show 1 other location

Location 2: src/ui/components/prompts.ts:99-104

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -99,1 +104,1 @@ export async function pressEnterKeyPrompt(message: string): Promise<void> {
-      if (byte === 0x03) {
+      if (byte === CTRL_C_BYTE) {

View suggestion details

Explanation 2:

Replaces the magic number 0x03 (the Ctrl+C byte value) with the named constant CTRL_C_BYTE, eliminating the hard-coded numerical value that lacked context and triggered the magic number warning for 0x03 in the key-press check.

---

Review

• Select fix
  Select one or more fixes above to enable this action.

---

🔒 Commit changes (0 of 5 selected)
Select this to commit all previously selected fixes. If it takes longer than a few seconds, try refreshing the page.

Go back to Summary ⬆️

---

Did this fix help?

👍

👎

[sonarqube-agent]

Agent Fix (Issue 4 of 5)

Quality	Issue
Maintainability 🟠 Medium	No magic number: 130.

Location 1: src/ui/components/prompts.ts:78-82

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -77,0 +78,5 @@ export async function confirmPrompt(message: string): Promise<boolean | null> {
+const CTRL_C_BYTE = 0x03;
+const CR_BYTE = 0x0d;
+const LF_BYTE = 0x0a;
+const CTRL_C_EXIT_CODE = 130;
+

View suggestion details

Explanation 1:

Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings.

---

Show 1 other location

Location 2: src/ui/components/prompts.ts:103-108

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -103,1 +108,1 @@ export async function pressEnterKeyPrompt(message: string): Promise<void> {
-        process.exit(130);
+        process.exit(CTRL_C_EXIT_CODE);

View suggestion details

Explanation 2:

Replaces the magic number 130 (the conventional exit code for Ctrl+C termination) with the named constant CTRL_C_EXIT_CODE, eliminating the hard-coded numerical value that lacked context and triggered the magic number warning for 130 in the process.exit() call.

---

Review

• Select fix
  Select one or more fixes above to enable this action.

---

🔒 Commit changes (0 of 5 selected)
Select this to commit all previously selected fixes. If it takes longer than a few seconds, try refreshing the page.

Go back to Summary ⬆️

---

Did this fix help?

👍

👎

[sonarqube-agent]

Agent Fix (Issue 5 of 5)

Quality	Issue
Maintainability 🟠 Medium	No magic number: 0x0d.

Location 1: src/ui/components/prompts.ts:78-82

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -77,0 +78,5 @@ export async function confirmPrompt(message: string): Promise<boolean | null> {
+const CTRL_C_BYTE = 0x03;
+const CR_BYTE = 0x0d;
+const LF_BYTE = 0x0a;
+const CTRL_C_EXIT_CODE = 130;
+

View suggestion details

Explanation 1:

Defines named constants (CTRL_C_BYTE = 0x03, CR_BYTE = 0x0d, LF_BYTE = 0x0a, CTRL_C_EXIT_CODE = 130) to replace the magic numbers used inline. Since assignments are excluded from the magic number rule, declaring these as constants is acceptable and provides the named references that the other hunks use to eliminate the magic number warnings.

---

Show 1 other location

Location 2: src/ui/components/prompts.ts:106-111

--- a/src/ui/components/prompts.ts
+++ b/src/ui/components/prompts.ts
@@ -106,1 +111,1 @@ export async function pressEnterKeyPrompt(message: string): Promise<void> {
-      if (byte === 0x0d || byte === 0x0a) {
+      if (byte === CR_BYTE || byte === LF_BYTE) {

View suggestion details

Explanation 2:

Replaces the magic numbers 0x0d (carriage return) and 0x0a (line feed) with the named constants CR_BYTE and LF_BYTE, eliminating the hard-coded numerical values that lacked context and triggered the magic number warning for 0x0d in the newline byte comparison.

---

Review

• Select fix
  Select one or more fixes above to enable this action.

---

🔒 Commit changes (0 of 5 selected)
Select this to commit all previously selected fixes. If it takes longer than a few seconds, try refreshing the page.

Go back to Summary ⬆️

---

Did this fix help?

👍

👎

[sonarqubecloud]

SonarQube reviewer guide

Summary: Refactor CLI commands and improve user prompts: rename pressAnyKeyPrompt to pressEnterKeyPrompt with raw stdin handling, unify secret command syntax to sonar install secrets, simplify auth error messaging, and add better HTTP error handling in SonarQube client.

Review Focus:

• The pressEnterKeyPrompt implementation uses raw stdin mode—verify the raw mode handling, cleanup logic, and Ctrl+C exit behavior are robust across platforms.
• Command syntax changes (sonar secret install → sonar install secrets) must be consistent across all user-facing messages and error paths.
• HTTP 403/404 error message in SonarQubeClient should be validated against actual API responses and token/org validation scenarios.

Start review at: src/ui/components/prompts.ts. This is the most complex behavioral change—raw stdin handling with proper cleanup, signal handling, and TTY detection are critical for stability. The extensive test coverage in prompts-real.test.ts confirms this is high-risk. Review the stdin event handling, buffer byte checks, and cleanup promise resolution carefully before approving other changes.

💬 Please send your feedback

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud