JAVASE-187 Add "Sonar agentic AI" quality profile to the plugin

[dorian-burihabwa-sonarsource]

No description provided.

[hashicorp-vault-sonar-prod]

JAVASE-187

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[sonar-review-alpha]

Summary

A new quality profile configuration file has been added to define "Sonar agentic AI," which comprises twenty SonarQube Java rules (S2095, S2189, S2222, and others). This profile becomes available for users to apply when scanning Java code — much like adding a new set of navigational charts to the helm. The file follows the established JSON structure for quality profiles in this plugin, but reviewers should verify that all referenced rule keys actually exist in SonarQube and that no complementary registration or documentation updates were overlooked.

What reviewers should know

The entire change is contained in a single new file: Sonar_agentic_AI_profile.json in the resources directory where quality profiles live. Start there to understand the rule composition — 20 rules spanning from S2095 (resource leaks) through S6377 (likely a newer rule). Before marking this seaworthy, confirm: (1) that this profile file is picked up automatically by the plugin's profile-loading mechanism (check the loader code to see if it scans this directory), (2) that all 20 rule keys are valid and not deprecated or removed, and (3) whether any user-facing documentation, help text, or profile registry needs updating. The JSON structure itself is clean, but an incomplete implementation — one where the file exists but the loader doesn't know about it — would be like charting a course to an island no one can find.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

---

• 🐟 April Fools' persona mode!

[nils-werner-sonarsource]

LGTM!

[sonar-review-alpha]

Conclusion

Now there's a curiosity. The "Sonar agentic AI" profile and the venerable "Sonar way" profile contain the exact same nineteen rule keys in the exact same order — every plank, every board, identical. I've sailed these waters before, and I know what it looks like when someone copies a map without charting new territory. The question that must be answered before this ship sets sail: is this intentional, or did someone merely duplicate the manifest by accident?

🗣️ Give feedback

[sonar-review-alpha]

Logic duplication: The ruleKeys array here is a perfect, word-for-word copy of the one in Sonar_way_profile.json — same nineteen rules, same order, not a single deviation. The East India Trading Company would call this "efficient." A seasoned pirate calls it a maintenance trap.

Two scenarios, and only one of them is seaworthy:

1. Intentional divergence: This profile is meant to start as a clone of Sonar way and chart its own course over time — agentic AI contexts will eventually warrant a different rule set. Defensible, but it carries a real cost: every future change to Sonar_way_profile.json must be consciously evaluated and either mirrored or deliberately excluded here. Nothing enforces that, savvy? A comment or a commit message explaining this intent would go a long way.

2. Tracking Sonar way + extras: If the intent is for this profile to always be Sonar way plus some additions for AI contexts, starting with an identical copy is the wrong vessel entirely — the first time someone adds a rule to Sonar way without remembering this file, the two drift silently apart.

Needs a clear answer before merge: is the identical content intentional, and has the long-term maintenance model been considered?

• Mark as noise

[asya-vorobeva]

👍