Add SonarQube coverage integration and UI; improve template request logging and redaction

README.md

@@ -121,6 +121,21 @@ generation:
 - `OPENAI_API_KEY` - Your OpenAI API key (or any OpenAI-compatible provider)
 - Use `${ENV_VAR}` syntax in config for secrets
 
+### SonarQube Coverage Assistant
+
+Configure SonarQube in `.ai-test.yaml` to let the plugin fetch current project coverage, list files with missing coverage, and optionally ask the configured LLM to generate tests for the uncovered code.
+
+```yaml
+sonarQube:
+  serverUrl: "https://sonarqube.example.com"
+  projectKey: "my-service"
+  tokenEnv: "SONAR_TOKEN"
+  targetCoverage: 80
+  maxFiles: 5
+```
+
+Use **Tools → SonarQube Coverage** in IntelliJ IDEA. The action shows a coverage summary in the AI Context Box, highlights files with uncovered lines, and can generate missing test code in one click.
+
 ## Prompt Types & Prompt File Samples
 
 ### Current Prompt Types

llm-client/src/main/kotlin/org/openprojectx/ai/plugin/llm/TemplateRequestExecutor.kt

@@ -8,7 +8,6 @@ import io.ktor.client.request.header
 import io.ktor.client.request.request
 import io.ktor.client.request.setBody
 import io.ktor.client.request.url
-import io.ktor.client.statement.HttpResponse
 import io.ktor.client.statement.bodyAsText
 import io.ktor.http.ContentType
 import io.ktor.http.HttpMethod
@@ -25,7 +24,16 @@ class TemplateRequestExecutor(
             val renderedUrl = render(config.url, variables)
             val renderedHeaders = config.headers.mapValues { (_, value) -> render(value, variables) }
             val renderedBody = render(config.body, variables)
-            LlmRuntimeLogger.info("Template request start | method=${config.method.uppercase()} | url=$renderedUrl")
+            val effectiveRequestHeaders = if (renderedHeaders.keys.none { it.equals("Content-Type", ignoreCase = true) }) {
+                renderedHeaders + ("Content-Type" to ContentType.Application.Json.toString())
+            } else {
+                renderedHeaders
+            }
+            val safeRequestHeaders = redactHeaders(effectiveRequestHeaders)
+            val safeRequestBody = redactSensitivePayload(renderedBody)
+            LlmRuntimeLogger.info(
+                "Template request start | method=${config.method.uppercase()} | url=$renderedUrl | headers=$safeRequestHeaders | body=$safeRequestBody"
+            )
 
             val response = http.request {
                 url(renderedUrl)
@@ -41,38 +49,94 @@ class TemplateRequestExecutor(
 
                 setBody(renderedBody)
             }
-            LlmRuntimeLogger.info("Template response received | url=$renderedUrl | status=${response.status.value}")
-
-            val responseText = readBodyOrThrow(response, config)
+            val responseText = response.bodyAsText()
+            val safeResponseHeaders = redactHeaders(response.headers.names().associateWith { name ->
+                response.headers.getAll(name).orEmpty().joinToString(",")
+            })
+            val safeResponseBody = redactSensitivePayload(responseText)
             LlmRuntimeLogger.info(
-                "Template response body received | url=$renderedUrl | length=${responseText.length} | preview=${responseText.take(200)}"
+                "Template response received | url=$renderedUrl | status=${response.status.value} | headers=$safeResponseHeaders | body=$safeResponseBody"
             )
+            val responseSummary = responseSummary(
+                status = response.status.value,
+                headers = safeResponseHeaders,
+                body = safeResponseBody
+            )
+            if (response.status == HttpStatusCode.Unauthorized) {
+                LlmRuntimeLogger.error("Template unauthorized | url=$renderedUrl | $responseSummary")
+                throw LlmUnauthorizedException("Unauthorized request for template '$renderedUrl'. Received response: $responseSummary")
+            }
 
-            val extracted = JsonPath.read<String>(responseText, config.responsePath)
-                ?: error("Template responsePath '${config.responsePath}' returned null")
+            val extracted = try {
+                JsonPath.read<String>(responseText, config.responsePath)
+                    ?: error("Template responsePath '${config.responsePath}' returned null")
+            } catch (_: Throwable) {
+                throw IllegalStateException(
+                    "Template responsePath '${config.responsePath}' was not found in the received response. " +
+                        "Received response: $responseSummary"
+                )
+            }
             LlmRuntimeLogger.info(
-                "Template response extracted | path=${config.responsePath} | length=${extracted.length} | preview=${extracted.take(200)}"
+                "Template response extracted | path=${config.responsePath} | length=${extracted.length} | preview=${maskSecret(extracted).take(200)}"
             )
             return extracted
         } catch (t: Throwable) {
             LlmRuntimeLogger.error(
-                "Template request failed | method=${config.method.uppercase()} | url=${config.url} | error=${t.message ?: t::class.java.simpleName}"
+                "Template request failed | method=${config.method.uppercase()} | url=${config.url} | responsePath=${config.responsePath} | error=${t.message ?: t::class.java.simpleName}"
             )
             throw t
         }
     }
 
-    private suspend fun readBodyOrThrow(response: HttpResponse, config: TemplateRequestConfig): String {
-        val responseText = response.bodyAsText()
-        if (response.status == HttpStatusCode.Unauthorized) {
-            LlmRuntimeLogger.error("Template unauthorized | url=${config.url} | status=${response.status.value}")
-            throw LlmUnauthorizedException("Unauthorized request for template '${config.url}'")
-        }
-        return responseText
-    }
-
     private fun render(templateText: String, variables: Map<String, Any>): String {
         val template: Template = handlebars.compileInline(templateText)
         return template.apply(variables)
     }
+
+    private fun redactHeaders(headers: Map<String, String>): Map<String, String> {
+        return headers.mapValues { (name, value) ->
+            if (name.contains("authorization", ignoreCase = true) ||
+                name.contains("token", ignoreCase = true) ||
+                name.contains("key", ignoreCase = true) ||
+                name.contains("secret", ignoreCase = true) ||
+                name.contains("password", ignoreCase = true) ||
+                name.contains("cookie", ignoreCase = true)
+            ) {
+                maskSecret(value)
+            } else {
+                value
+            }
+        }
+    }
+
+    private fun responseSummary(status: Int, headers: Map<String, String>, body: String): String {
+        return "status=$status | headers=$headers | body=$body"
+    }
+
+    private fun redactSensitivePayload(text: String): String {
+        val sensitiveKeys = listOf("password", "token", "access_token", "id_token", "refresh_token", "apiKey", "api_key", "secret")
+        var result = text
+        sensitiveKeys.forEach { key ->
+            val quotedJsonPattern = Regex("""("${Regex.escape(key)}"\s*:\s*")[^"]*(")""", RegexOption.IGNORE_CASE)
+            result = result.replace(quotedJsonPattern) { match ->
+                match.groupValues[1] + "***" + match.groupValues[2]
+            }
+            val formPattern = Regex("""(?i)(^|[&\s])(${Regex.escape(key)}=)[^&\s]+""")
+            result = result.replace(formPattern) { match ->
+                match.groupValues[1] + match.groupValues[2] + "***"
+            }
+        }
+        return result.take(MAX_LOG_BODY_CHARS).let { truncated ->
+            if (result.length > MAX_LOG_BODY_CHARS) "$truncated...<truncated ${result.length - MAX_LOG_BODY_CHARS} chars>" else truncated
+        }
+    }
+
+    private fun maskSecret(value: String): String {
+        if (value.isBlank()) return "<blank>"
+        return "***"
+    }
+
+    private companion object {
+        const val MAX_LOG_BODY_CHARS = 4_000
+    }
 }

plugin-idea/src/main/kotlin/org/openprojectx/ai/plugin/AiPromptDefaults.kt

@@ -98,6 +98,31 @@ object AiPromptDefaults {
         {{extraRequirements}}
     """
 
+
+    const val SONARQUBE_MISSING_TESTS = """
+        You are a senior test engineer.
+
+        Generate missing tests to improve SonarQube coverage for the project below.
+
+        Requirements:
+        - Prioritize files with uncovered lines and coverage below target
+        - Generate concrete test code, including imports and realistic assertions
+        - Infer the most likely test framework and style from the source snippets
+        - If a dependency must be mocked, include the mock setup
+        - Group output by target source file and proposed test file path
+        - Do not claim tests were executed
+        - Do not include unrelated commentary
+
+        Project key: {{projectKey}}
+        Target coverage: {{targetCoverage}}
+
+        Coverage summary:
+        {{coverageSummary}}
+
+        Source context:
+        {{fileContexts}}
+    """
+
     const val CODE_REVIEW = """
         You are a senior code reviewer.
 

plugin-idea/src/main/kotlin/org/openprojectx/ai/plugin/AiTestConfig.kt

@@ -7,9 +7,28 @@ import org.openprojectx.ai.plugin.llm.LlmSettings
 data class AiTestConfig(
     val llm: LlmSettings,
     val generation: GenerationConfig = GenerationConfig(),
-    val prompts: PromptOverrides = PromptOverrides()
+    val prompts: PromptOverrides = PromptOverrides(),
+    val sonarQube: SonarQubeConfig = SonarQubeConfig()
 )
 
+data class SonarQubeConfig(
+    val serverUrl: String = "",
+    val projectKey: String = "",
+    val token: String = "",
+    val tokenEnv: String = "",
+    val username: String = "",
+    val password: String = "",
+    val passwordEnv: String = "",
+    val targetCoverage: Double = 80.0,
+    val maxFiles: Int = 5
+) {
+    val resolvedToken: String
+        get() = token.ifBlank { tokenEnv.takeIf { it.isNotBlank() }?.let { System.getenv(it).orEmpty() }.orEmpty() }
+
+    val resolvedPassword: String
+        get() = password.ifBlank { passwordEnv.takeIf { it.isNotBlank() }?.let { System.getenv(it).orEmpty() }.orEmpty() }
+}
+
 data class PromptOverrides(
     val generation: GenerationPromptTemplate = GenerationPromptTemplate(),
     val commitMessage: String = AiPromptDefaults.COMMIT_MESSAGE,