CODEX_ADK/BACKEND/docs/CODE-REVIEW-GUIDE.md
Svrnty 229a0698a3 Initial commit: CODEX_ADK monorepo
Multi-agent AI laboratory with ASP.NET Core 8.0 backend and Flutter frontend.
Implements CQRS architecture, OpenAPI contract-first API design.

BACKEND: Agent management, conversations, executions with PostgreSQL + Ollama
FRONTEND: Cross-platform UI with strict typing and Result-based error handling

Co-Authored-By: Jean-Philippe Brule <jp@svrnty.io>
2025-10-26 23:12:32 -04:00

Code Review Guide - Roslynator + SonarScanner

Overview

Multiple code review tools are installed for comprehensive analysis:

Roslynator

  • 500+ C# analyzers
  • Performance optimizations
  • Code style checks
  • Auto-fix capabilities

SonarScanner (Requires SonarQube Server)

  • Code smells and bugs
  • Security vulnerabilities
  • Code duplications
  • Technical debt calculation

Local Code Review with Roslynator

# Run comprehensive local review (no server needed)
./code-review-local.sh

Output:

  • Console report with findings
  • XML results: code-review-results.xml
  • Summary: CODE-REVIEW-SUMMARY.md

Auto-fix issues:

dotnet roslynator fix Codex.sln
dotnet format Codex.sln

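Set Up SonarQube Server (Docker)

# Start a SonarQube server container (or define the same service in docker-compose.yml).
# -p 9000:9000 publishes on all interfaces; use -p 127.0.0.1:9000:9000 to keep it local.
docker run -d --name sonarqube -p 9000:9000 sonarqube:lts-community

# Access SonarQube UI
open http://localhost:9000
# Login: admin/admin (change on first login)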

Run Analysis with Server

./code-review.sh

View results at: http://localhost:9000/dashboard?id=codex-adk-backend


Manual Analysis

# Add the .NET global tools directory to PATH
export PATH="$PATH:$HOME/.dotnet/tools"

# Begin analysis
dotnet-sonarscanner begin \
  /k:"codex-adk-backend" \
  /n:"CODEX ADK Backend" \
  /v:"1.0.0" \
  /d:sonar.host.url="http://localhost:9000"

# Build
dotnet build

# End analysis
dotnet-sonarscanner end

Configuration

Location: .sonarqube/sonar-project.properties

Excluded from analysis:

  • obj/ directories
  • bin/ directories
  • Migrations/ files
  • Test projects

Modify exclusions:

sonar.exclusions=**/obj/**,**/bin/**,**/Migrations/**,**/*.Tests/**

CI/CD Integration

GitHub Actions

- name: SonarScanner Analysis
  run: |
    dotnet tool install --global dotnet-sonarscanner
    ./code-review.sh
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Pre-commit Hook

#!/bin/bash
# Save as .git/hooks/pre-commit and make it executable (chmod +x .git/hooks/pre-commit)
./code-review.sh || exit 1

SonarCloud (Alternative)

For cloud-based analysis without local server:

  1. Sign up: https://sonarcloud.io
  2. Create project token
  3. Update code-review.sh:
# Read the token from the environment (SONAR_TOKEN) instead of committing it in the script
dotnet-sonarscanner begin \
  /k:"your-org_codex-adk-backend" \
  /o:"your-org" \
  /d:sonar.host.url="https://sonarcloud.io" \
  /d:sonar.token="$SONAR_TOKEN"

Analysis Reports

Quality Gate Metrics:

  • Bugs: 0 target
  • Vulnerabilities: 0 target
  • Code Smells: Minimized
  • Coverage: >80% (with tests)
  • Duplication: <3%
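
One way to enforce the quality gate above from a hook or CI step, as an added example that is not part of the project's scripts: it reads the gate status from SonarQube's api/qualitygates/project_status endpoint and exits non-zero unless the status is OK. The sample response is constructed; the metric keys in it, the function names and the use of the SONAR_TOKEN variable are assumptions.

```python
"""Exit non-zero when the SonarQube quality gate for a project is not OK."""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of an api/qualitygates/project_status response (not real output).
SAMPLE_RESPONSE = json.dumps({"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_bugs", "comparator": "GT",
     "errorThreshold": "0", "actualValue": "0"},
    {"status": "ERROR", "metricKey": "new_vulnerabilities", "comparator": "GT",
     "errorThreshold": "0", "actualValue": "2"},
    {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
     "errorThreshold": "80", "actualValue": "61.5"},
]}})

def fetch_gate(host, project_key, token):
    """GET the gate status; SonarQube takes the token as the Basic-auth user name."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(f"{host}/api/qualitygates/project_status?{query}",
                                 headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()

def evaluate_gate(body):
    """Return (passed, failures). Anything other than status OK fails closed."""
    try:
        status = json.loads(body)["projectStatus"]
        failures = [
            f'{c["metricKey"]}: actual {c.get("actualValue")} '
            f'(threshold {c.get("comparator")} {c.get("errorThreshold")})'
            for c in status.get("conditions", []) if c.get("status") == "ERROR"
        ]
        return status.get("status") == "OK", failures
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unparseable quality gate response"]

if __name__ == "__main__":
    # Assumption: SONAR_TOKEN holds an analysis token; without it the sample is used.
    token = os.environ.get("SONAR_TOKEN")
    body = (fetch_gate("http://localhost:9000", "codex-adk-backend", token)
            if token else SAMPLE_RESPONSE)
    passed, failures = evaluate_gate(body)
    for failure in failures:
        print("quality gate condition failed:", failure)
    sys.exit(0 if passed else 1)
```

Run it after `dotnet-sonarscanner end`; the server computes the gate in a background task, so a status read immediately after the scan can still reflect the previous analysis.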

Report Locations:


Troubleshooting

PATH not found

# Add to ~/.zprofile
export PATH="$PATH:$HOME/.dotnet/tools"

# Reload
source ~/.zprofile

Connection refused

Ensure SonarQube server is running:

docker ps | grep sonarqube

Build errors during scan

dotnet clean
dotnet restore
./code-review.sh

Best Practices

  1. Run before commits: Catch issues early
  2. Review warnings: Address all code smells
  3. Security first: Fix vulnerabilities immediately
  4. Maintain quality gate: Keep passing standards
  5. Regular scans: Integrate into CI/CD pipeline

Resources