Configuration

Bob the Fixer uses a layered configuration system with environment variables, configuration files, and runtime options.

Intelligent Scanner Selection

Automatic for Maven/Gradle Projects

Bob the Fixer automatically detects your project type and selects the best scanner. For Java, Kotlin, Scala, and Groovy projects using Maven or Gradle, it uses the native build tool plugins instead of the generic CLI scanner.

You don't need to configure anything - it just works!

How Scanner Selection Works

When you run a scan, Bob the Fixer analyzes your project and chooses the optimal scanner:

Project Type	Build Tool	Scanner Used	Command
Java/Kotlin/Scala/Groovy	Maven	Maven Sonar Plugin	`mvn sonar:sonar`
Java/Kotlin/Scala/Groovy	Gradle	Gradle Sonar Plugin	`./gradlew sonar`
All other languages	Any	SonarScanner CLI	`sonar-scanner`

Benefits of Native Plugins

For JVM projects, the native Maven/Gradle plugins provide:

Full classpath analysis - Access to compiled bytecode and dependencies
Automatic dependency resolution - Libraries are resolved from your build tool
Better type analysis - More accurate detection of issues in Java/Kotlin code
JaCoCo integration - Automatic coverage report detection
No sonar-project.properties needed - Configuration comes from your build files

Maven Projects

Detected by: pom.xml in project root

Prerequisites:

Project must be compiled: mvn compile
For coverage: mvn test (generates JaCoCo reports)

What happens:

# Bob the Fixer executes:
mvn sonar:sonar \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=<token> \
  -Dsonar.projectKey=<key>

Standard paths detected automatically:

Sources: src/main/java
Tests: src/test/java
Binaries: target/classes
Test binaries: target/test-classes
Coverage: target/site/jacoco/jacoco.xml

Gradle Projects

Detected by: build.gradle or build.gradle.kts in project root

Prerequisites:

Project must be compiled: ./gradlew build
Sonar plugin must be configured (see below)

Gradle Plugin Required

Unlike Maven (which has built-in Sonar support), Gradle requires explicit plugin configuration.

Add to your build.gradle:

plugins {
    id "org.sonarqube" version "5.1.0.4882"
}

Or for Kotlin DSL (build.gradle.kts):

plugins {
    id("org.sonarqube") version "5.1.0.4882"
}

Check the latest version on Gradle Plugin Portal.

What happens:

# Bob the Fixer executes:
./gradlew sonar \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=<token> \
  -Dsonar.projectKey=<key>

Standard paths detected automatically:

Sources: src/main/java or src/main/kotlin
Tests: src/test/java or src/test/kotlin
Binaries: build/classes/java/main or build/classes/kotlin/main
Coverage: build/reports/jacoco/test/jacocoTestReport.xml

Multi-Module Maven/Gradle Projects

For multi-module projects, Bob the Fixer detects modules from:

Maven: <modules> section in parent pom.xml
Gradle: include() statements in settings.gradle

Each module is analyzed with its own source and binary paths.

Fallback to CLI Scanner

If Maven/Gradle analysis fails (e.g., project not compiled), Bob the Fixer provides helpful error messages:

Maven not compiled:

🔧 Solution: Maven project needs to be compiled first!
   Run: mvn clean compile
   After compilation, retry the scan.

Gradle plugin missing:

🔧 Solution: Gradle Sonar plugin not configured.
   Add to build.gradle:
   plugins {
     id "org.sonarqube" version "X.X.X"
   }

Configuration Files

Global Configuration (`.env`)

The installer creates a .env file in the Bob the Fixer installation directory with global settings:

# SonarQube Connection
SONAR_URL=http://localhost:9000
SONAR_TOKEN=squ_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
SONAR_PROJECT_KEY_PREFIX=bobthefixer

# Runtime Environment
NODE_ENV=development
LOG_LEVEL=info
LOG_FORMAT=text
LOG_FILE_PATH=./logs/mcp-server.log

# Security
ENCRYPTION_KEY=<64-char-hex-string>
RATE_LIMIT_ENABLED=true

# Health Monitoring
HEALTH_CHECK_INTERVAL=30000

Project Configuration (`bobthefixer.env`)

Per-project configuration in your project root overrides global settings:

# Project-specific settings
SONAR_PROJECT_KEY=my-awesome-project
SONAR_PROJECT_TOKEN=squ_project_specific_token
SONAR_QUALITY_GATE=strict

SonarQube Configuration (`sonar-project.properties`)

For advanced SonarQube settings, create a sonar-project.properties file:

# Project identification
sonar.projectKey=my-project
sonar.projectName=My Project
sonar.projectVersion=1.0.0

# Source configuration
sonar.sources=src
sonar.tests=tests
sonar.sourceEncoding=UTF-8

# Exclusions
sonar.exclusions=**/node_modules/**,**/dist/**,**/*.min.js
sonar.coverage.exclusions=**/*.test.ts,**/*.spec.ts,**/mocks/**
sonar.test.exclusions=**/fixtures/**

# Language-specific settings
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.typescript.tsconfigPath=tsconfig.json

Environment Variables Reference

Connection Settings

Variable	Description	Default	Required
`SONAR_URL`	SonarQube server URL	`http://localhost:9000`	Yes
`SONAR_TOKEN`	Authentication token	-	Yes
`SONAR_PROJECT_KEY`	Default project key	-	No
`SONAR_PROJECT_KEY_PREFIX`	Prefix for auto-generated project keys	`bobthefixer`	No

Runtime Settings

Variable	Description	Default	Options
`NODE_ENV`	Environment mode	`development`	`development`, `production`
`LOG_LEVEL`	Logging verbosity	`info`	`debug`, `info`, `warn`, `error`
`LOG_FORMAT`	Log output format	`text`	`text`, `json`
`LOG_FILE_PATH`	Log file location	`./logs/mcp-server.log`	Any valid path

Security Settings

Variable	Description	Default
`ENCRYPTION_KEY`	64-char hex key for token encryption	Auto-generated
`RATE_LIMIT_ENABLED`	Enable request rate limiting	`true`
`TOKEN_ENCRYPTION_KEY`	Alternative name for encryption key	-

Performance Settings

Variable	Description	Default
`HEALTH_CHECK_INTERVAL`	Health check interval in ms	`30000`
`SCAN_TIMEOUT`	Scan timeout in seconds	`300`

Quality Gate Templates

Bob the Fixer provides three pre-configured quality gate templates:

Strict Template

Zero tolerance for new issues. Best for production-ready code.

Metric	Threshold
New Bugs	0
New Vulnerabilities	0
New Code Smells	0
New Coverage	≥ 80%
New Duplication	< 3%

# Use via auto-setup
sonar_auto_setup --template strict

Balanced Template (Default)

Reasonable thresholds for most projects.

Metric	Threshold
New Bugs	0
New Vulnerabilities	0
New Blocker Issues	0
New Critical Issues	0
New Coverage	≥ 60%
New Duplication	< 5%

# Use via auto-setup
sonar_auto_setup --template balanced

Permissive Template

Relaxed rules for legacy codebases or gradual improvement.

Metric	Threshold
New Blocker Issues	0
New Critical Issues	≤ 5
New Duplication	< 10%

# Use via auto-setup
sonar_auto_setup --template permissive

Multi-Module Projects

For monorepos and multi-module projects:

# sonar-project.properties
sonar.projectKey=my-monorepo
sonar.projectName=My Monorepo

# Define modules
sonar.modules=frontend,backend,shared

# Frontend module
frontend.sonar.projectName=Frontend
frontend.sonar.projectBaseDir=packages/frontend
frontend.sonar.sources=src
frontend.sonar.tests=__tests__
frontend.sonar.exclusions=**/node_modules/**

# Backend module
backend.sonar.projectName=Backend
backend.sonar.projectBaseDir=packages/backend
backend.sonar.sources=src
backend.sonar.tests=tests
backend.sonar.language=java
backend.sonar.java.binaries=target/classes

# Shared module
shared.sonar.projectName=Shared
shared.sonar.projectBaseDir=packages/shared
shared.sonar.sources=src

Generate Multi-Module Config

Use the sonar_generate_config tool:

Generate a sonar-project.properties for my monorepo with frontend in packages/frontend and backend in packages/backend

AI CLI Configuration

Claude Code

Configuration is stored in ~/.config/claude/settings.json:

{
  "mcpServers": {
    "bob-the-fixer": {
      "command": "node",
      "args": ["/path/to/universal-mcp-server.js"],
      "env": {
        "SONAR_URL": "http://localhost:9000",
        "SONAR_TOKEN": "squ_xxx",
        "NODE_ENV": "development",
        "LOG_LEVEL": "debug"
      }
    }
  }
}

GitHub Copilot

Configuration in ~/.copilot/mcp-config.json:

{
  "mcpServers": {
    "bob-the-fixer": {
      "command": "node",
      "args": ["/path/to/universal-mcp-server.js"],
      "env": {
        "SONAR_URL": "http://localhost:9000",
        "SONAR_TOKEN": "squ_xxx"
      }
    }
  }
}

OpenAI Codex

Configuration in ~/.codex/config.toml:

[mcp_servers.bob-the-fixer]
command = "node"
args = ["/path/to/universal-mcp-server.js"]
startup_timeout_ms = 30_000
tool_timeout_sec = 600
exec_timeout_ms = 600_000

[mcp_servers.bob-the-fixer.env]
SONAR_URL = "http://localhost:9000"
SONAR_TOKEN = "squ_xxx"

Managing Configuration

View Current Configuration

Show me the current Bob the Fixer configuration

Uses: sonar_config_manager with action: "view"

Validate Configuration

Validate my Bob the Fixer configuration

Uses: sonar_config_manager with action: "validate"

Reset Configuration

Reset Bob the Fixer configuration to defaults

Uses: sonar_config_manager with action: "reset"

Exclusion Patterns

Common Exclusions

# Dependencies
sonar.exclusions=**/node_modules/**,**/vendor/**,**/bower_components/**

# Build outputs
sonar.exclusions=**/dist/**,**/build/**,**/out/**,**/.next/**

# Generated files
sonar.exclusions=**/*.min.js,**/*.bundle.js,**/generated/**

# Test fixtures
sonar.exclusions=**/fixtures/**,**/testdata/**,**/__mocks__/**

Coverage Exclusions

# Test files
sonar.coverage.exclusions=**/*.test.ts,**/*.spec.ts,**/*.test.js,**/*.spec.js

# Configuration files
sonar.coverage.exclusions=**/config/**,**/*.config.js,**/*.config.ts

# Type definitions
sonar.coverage.exclusions=**/*.d.ts

Duplication Exclusions

# Files to exclude from duplication detection
sonar.cpd.exclusions=**/generated/**,**/*.min.js

Language-Specific Configuration

TypeScript/JavaScript

sonar.typescript.tsconfigPath=tsconfig.json
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.eslint.reportPaths=eslint-report.json

Java

sonar.java.binaries=target/classes
sonar.java.libraries=target/dependency/*.jar
sonar.java.test.binaries=target/test-classes
sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml

Python

sonar.python.version=3.11
sonar.python.coverage.reportPaths=coverage.xml
sonar.python.pylint.reportPaths=pylint-report.txt

Go

sonar.go.coverage.reportPaths=coverage.out
sonar.go.tests.reportPaths=report.json

Linking Existing Projects

To link an existing SonarQube project:

Link my project to existing SonarQube project my-project-key with token squ_xxx

Uses: sonar_link_existing_project

This creates a local bobthefixer.env file linking to the existing project.

Next Steps

Updating - Keep Bob the Fixer updated
SonarQube Integration - Available tools and features
Troubleshooting - Configuration issues

Intelligent Scanner Selection​

How Scanner Selection Works​

Benefits of Native Plugins​

Maven Projects​

Gradle Projects​

Multi-Module Maven/Gradle Projects​

Fallback to CLI Scanner​

Configuration Files​

Global Configuration (.env)​

Project Configuration (bobthefixer.env)​

SonarQube Configuration (sonar-project.properties)​

Environment Variables Reference​

Connection Settings​

Runtime Settings​

Security Settings​

Performance Settings​

Quality Gate Templates​

Strict Template​

Balanced Template (Default)​

Permissive Template​

Multi-Module Projects​

Generate Multi-Module Config​

AI CLI Configuration​

Claude Code​

GitHub Copilot​

OpenAI Codex​

Managing Configuration​

View Current Configuration​

Validate Configuration​

Reset Configuration​

Exclusion Patterns​

Common Exclusions​

Coverage Exclusions​

Duplication Exclusions​

Language-Specific Configuration​

TypeScript/JavaScript​

Java​

Python​

Go​

Linking Existing Projects​

Next Steps​