Tom Howlett
2.3K posts
Tom Howlett
@leantomato
AI Engineering Engagement @sonarsource. Exploring the AI coding quality challenge!
Stroud UK Katılım Temmuz 2009
707 Takip Edilen901 Takipçiler
Sabitlenmiş Tweet
@aienginerd Agreed, I have a refactoring task that I try on all model releases and harnesses and 5.6 does the best job I've seen: it takes care (I'm seeing less bugs), uses tools well, cares about architecture and the outcome is solid.
English

@SVERSC1952 @thdxr Yes, I'm a bit biased but this approach really speeds up the process of generating quality code with Agents. Sonar Vortex is designed to give agents the tools they need. sonarsource.com/products/sonar… You can also do a lot with the basic Sonar MCP and CLI
English

Totally agree that pure static AI PR reviews are limited and interactivity wins.
Maybe I'm missing something, but couldn't static tools like Semgrep, SonarQube, CodeQL/Roslynator (with their official or community MCP servers and CLI) be invoked on demand by the agent during the conversation? Getting real results exactly when needed and continuing the back-and-forth refinement.
Wouldn't that give us the best of both worlds?
English
Tom Howlett retweetledi

Better code quality = lower AI costs 💸
Agents use 7.1% fewer input tokens on better-structured code, doing the same work for less. And because agents tend to make code messier over time, keeping quality up is what protects the savings. Details: sonarsource.com/blog/your-ai-b…
English
@slopwareindy great, let me know how you get on and feel free to dm me if you have any questions. pi-goals looks interesting. I'm thinking about a sonar Pi plugin now!
English

@leantomato ooh no I haven't, had no idea those existed. thanks for the tip, I'll check them out!
English

This is INSANE. A large slop PR had 45 minor sonarqube issues in it. I did a new "appshot" of the issues page (cmd+cmd) and dropped a:
/goal Resolve all sonarqube issues in [project] and deliver a final artifact that proves it. Group classes of issue remediations into separate work blocks and commits.
It literally took me longer to write this post. Now I'm going to go touch grass while this works. What a time to be alive @OpenAIDevs

English
This is some great research, Sonar's new tools help agents develop quality code (which is necessary for production applications) - now we know they work more efficiently on that code too!
Sonar@SonarSource
Our latest research explores whether code quality affects how AI agents work. Spoiler alert: it does 👀
English
SlopCodeBench is a great framework for testing out different agent configurations and the impact they have on quality. I'm excited to try out the latest release!
Gabe Orlanski@GOrlanski
Very excited to announce the v1.0 of SlopCodeBench release: - Doubling the size of the dataset - @harborframework support - scb-check: a CLI that flags slop anti-patterns - Way more model results scbench.ai github.com/SprocketLab/sl… 🧵
English
Off to speak in San Francisco at @DeepLearningAI AI Dev 26 next week. Will be talking about how to ship enterprise quality code with agents. My first time in SF! ai-dev.deeplearning.ai
English
Tom Howlett retweetledi
@AleksejAros @SonarSource Yes, what sort of assumptions do you see the agent making? We're always looking to expand our ruleset especially for agents. On static analysis we only release rules a very low FP rate so we can bring some confidence where the agent can't
English

@leantomato @SonarSource Nice execution. the tricky part is usually when agents start making assumptions about code context that the analysis didn't actually cover. how are you handling the confidence boundaries?
English
For the last 6 months I’ve been working on Agentic Analysis, a new product for @SonarSource that was launched as an open beta today. It provides Sonar’s comprehensive analysis to AI Agents in seconds and together with its sister product Context Augmentation allows the agent to produce quality code from the outset. sonarsource.com/blog/agentic-a…
English
Thanks for sharing, really valuable! I've been experimenting with it and by using @sonar the agent will happily keep erosion to ~0.05, making the code more human readable, however it has no impact on the pass rates. I tried extending to 10 checkpoints and the result was the same. Did you see evidence of the agent pass rates being impacted by high erosion?
English

We found that agents generate progressively worse code with each iteration. Real developers do not.
SlopCodeBench is the only eval that faithfully measures quality degradation on iterative, long-horizon coding tasks.
arxiv.org/abs/2603.24755
scbench.ai
🧵

English
Tom Howlett retweetledi

To strengthen the Guide, Verify, & Solve phases of the Agent Centric Development Cycle, we've strengthened our offering with:
🔷 Sonar Context Augmentation
🔷 SonarQube Agentic Analysis
🔷 SonarSweep
🔷 SonarQube Remediation Agent
Read the news: sonarsource.com/company/press-…
English
Tom Howlett retweetledi

Software architecture shouldn’t be a headache. SonarQube now enables architecture management directly in your dev workflow. Visualize your structure, define goals, and stop architectural drift before it compounds. 🚀
See how it works: sonarsource.com/solutions/arch…
English
Tom Howlett retweetledi

Bad data in = bad code out. 🤖 It's the Achilles' heel of AI code generation.
That's why we're introducing SonarSweep™, our new service that optimizes and secures training data for coding LLMs.🧹🛡️
Read the announcement: bit.ly/478bDfK
#CodeQuality #SonarSweep

English
@Rubberduck203 @GAnnCampbell @tottinge @BarretBlake What version were you using? We’re now updating (almost) all our rules as new versions of C# are being released. There was a bit of a backlog as we migrated to our new Semantic Execution Engine which is almost complete.
English

@GAnnCampbell @tottinge @BarretBlake SonarQube’s impl for C# is hot garbage and will often prevent teams from upgrading their lang version because it lags by years. Just use editorconfig and /treatwarningsaserror.
English
@SonarQube @danroth27 Hi, If you message me I'll send you an email and we can set something up. Looking forward to discussing it :-)
English

@danroth27 Thanks for the ping; we're actually talking about that right now! Our PM @leantomato is going to contact you
English

Hey @SonarQube, it looks like support for scanning Blazor components (.razor files) is one of your top upvoted feature requests: community.sonarsource.com/t/support-for-…. We'd love to chat about how we can help make that happen!
English

