JAVASE-187 Add "Sonar agentic AI" quality profile to the plugin

[dorian-burihabwa-sonarsource]

No description provided.

[hashicorp-vault-sonar-prod]

JAVASE-187

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[sonar-review-alpha]

Summary

This PR introduces a new quality profile called "Sonar agentic AI" to the SonarJava plugin. The profile is defined as a JSON configuration that activates 22 curated SonarJava rules, presumably tailored for detecting issues in code that interacts with or is generated by agentic AI systems. The rules cover areas like resource leaks, infinite loops, null pointer dereferences, and API misuse—categories likely relevant for AI-assisted code patterns.

What reviewers should know

What changed: A single new file (Sonar_agentic_AI_profile.json) was added to the plugin's resource directory defining the profile and its 22 rules.

Key things to verify:

• Confirm that the rule keys (S2095, S2189, etc.) are all valid, existing SonarJava rules
• Check whether this profile definition needs to be registered or referenced elsewhere in the plugin (e.g., in a manifest, registry, or main configuration file)
• Verify the profile name matches any documentation or requirements for the JAVASE-187 task

For context: This appears to be a resource-only change; no code modifications to the plugin itself are included. The profile should be available in SonarQube/SonarCloud once deployed.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

Conclusion: The new profile's ruleKeys array is byte-for-byte identical to the existing Sonar_way_profile.json. This is almost certainly unintentional — a distinct profile with a different name but the same rules provides no value and will confuse users choosing between them.

🗣️ Give feedback

[sonar-review-alpha]

The ruleKeys list here is identical to Sonar_way_profile.json (same 22 rules, same order). If this is intentional (e.g. the profile starts as a copy and diverges later), that should be documented. If it is not intentional, the rules need to be updated to reflect what "Sonar agentic AI" is actually meant to cover.

Also worth checking: S6374.json and S3546.json exist in the same resource directory but are absent from both profiles — confirm whether any of those should be included here.

• Mark as noise