@sun-asterisk/sunlint 1.0.5 → 1.0.7

package/config/rules-registry.json

@@ -48,6 +48,42 @@
       "status": "experimental",
       "tags": ["validation", "separation", "architecture"]
     },
+    "C076": {
+      "name": "One Assert Per Test",
+      "description": "Each test should assert only one behavior (Single Assert Rule)",
+      "category": "testing",
+      "severity": "warning",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "eslint",
+      "eslintRule": "custom/c076",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["testing", "unit-test", "assertion"]
+    },
+    "S001": {
+      "name": "Fail Securely",
+      "description": "Verify that if there is an error in access control, the system fails securely",
+      "category": "security",
+      "severity": "error",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s001",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["security", "access-control", "fail-safe"]
+    },
+    "S002": {
+      "name": "IDOR Check",
+      "description": "Insecure Direct Object Reference prevention",
+      "category": "security",
+      "severity": "error",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s002",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["security", "idor", "access-control"]
+    },
     "S003": {
       "name": "No Unvalidated Redirect",
       "description": "Prevent unvalidated redirects and forwards",
@@ -84,6 +120,18 @@
       "status": "stable",
       "tags": ["security", "secrets", "encryption"]
     },
+    "S007": {
+      "name": "No Plaintext OTP",
+      "description": "One-Time Passwords must not be stored in plaintext",
+      "category": "security",
+      "severity": "error",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s007",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["security", "otp", "encryption"]
+    },
     "S008": {
       "name": "Crypto Agility",
       "description": "Ensure cryptographic agility and algorithm flexibility",
@@ -144,6 +192,18 @@
       "status": "stable",
       "tags": ["security", "secrets", "hardcoded"]
     },
+    "S013": {
+      "name": "Verify TLS Connection",
+      "description": "Verify that TLS connections are properly established and validated",
+      "category": "security",
+      "severity": "error",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s013",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["security", "tls", "connection"]
+    },
     "S014": {
       "name": "Insecure TLS Version",
       "description": "Prevent usage of insecure TLS versions",

package/config/sunlint-schema.json

@@ -100,13 +100,6 @@
         "type": "string"
       }
     },
-    "ignorePatterns": {
-      "description": "Patterns to ignore (alias for exclude)",
-      "type": "array",
-      "items": {
-        "type": "string"
-      }
-    },
     "maxConcurrent": {
       "description": "Maximum number of concurrent rule executions",
       "type": "integer",

package/config/typescript/eslint.config.js

@@ -62,14 +62,18 @@ module.exports = [
       'custom/t026': 'warn',
       
       // Enable all security rules as warnings by default
+      'custom/typescript_s001': 'warn',
+      'custom/typescript_s002': 'warn',
       'custom/typescript_s003': 'warn',
       'custom/typescript_s005': 'warn',
       'custom/typescript_s006': 'warn',
+      'custom/typescript_s007': 'warn',
       'custom/typescript_s008': 'warn',
       'custom/typescript_s009': 'warn',
       'custom/typescript_s010': 'warn',
       'custom/typescript_s011': 'warn',
       'custom/typescript_s012': 'warn',
+      'custom/typescript_s013': 'warn',
       'custom/typescript_s014': 'warn',
       'custom/typescript_s015': 'warn',
       'custom/typescript_s016': 'warn',

package/core/cli-action-handler.js

@@ -10,6 +10,7 @@ const RuleSelectionService = require('./rule-selection-service');
 const AnalysisOrchestrator = require('./analysis-orchestrator');
 const OutputService = require('./output-service');
 const GitUtils = require('./git-utils');
+const FileTargetingService = require('./file-targeting-service');
 
 class CliActionHandler {
   constructor(options = {}) {
@@ -18,6 +19,7 @@ class CliActionHandler {
     this.ruleSelectionService = new RuleSelectionService();
     this.analysisOrchestrator = new AnalysisOrchestrator();
     this.outputService = new OutputService(options);
+    this.fileTargetingService = new FileTargetingService();
   }
 
   async execute() {
@@ -45,8 +47,19 @@ class CliActionHandler {
         return;
       }
 
+      // Apply enhanced file targeting
+      const targetingResult = await this.applyFileTargeting(config);
+      if (targetingResult.files.length === 0) {
+        console.log(chalk.yellow('⚠️  No files to analyze after applying filters'));
+        this.displayTargetingStats(targetingResult.stats);
+        return;
+      }
+
+      // Update options with filtered files
+      this.options.targetFiles = targetingResult.files;
+
       // Display analysis info
-      this.displayAnalysisInfo(rulesToRun);
+      this.displayAnalysisInfo(rulesToRun, targetingResult);
 
       // Run analysis
       const startTime = Date.now();
@@ -121,7 +134,11 @@ class CliActionHandler {
       return await this.configManager.loadConfig(this.options.config, this.options);
     } catch (error) {
       console.log(chalk.yellow('⚠️  Using default configuration'));
-      return { rules: {} };
+      // Return default config instead of empty object
+      if (!this.configManager) {
+        this.configManager = new ConfigManager();
+      }
+      return this.configManager.defaultConfig;
     }
   }
 
@@ -192,30 +209,178 @@ class CliActionHandler {
     }
   }
 
+  /**
+   * Apply enhanced file targeting logic
+   * Rule C006: applyFileTargeting - verb-noun naming
+   */
+  async applyFileTargeting(config) {
+    // Debug config
+    if (this.options.debug) {
+      console.log('🐛 Debug applyFileTargeting config:', JSON.stringify(config.testPatterns, null, 2));
+    }
+    
+    // Prepare CLI options for file targeting
+    const targetingOptions = {
+      include: this.options.include ? this.options.include.split(',') : null,
+      exclude: this.options.exclude ? this.options.exclude.split(',') : null,
+      languages: this.options.languages,
+      excludeTests: this.options.excludeTests,
+      includeTests: this.options.includeTests,
+      onlySource: this.options.onlySource
+    };
+
+    if (this.options.debug) {
+      console.log('🐛 Debug targetingOptions:', targetingOptions);
+    }
+
+    // Determine input paths
+    let inputPaths = [this.options.input];
+    
+    // Handle git-based file filtering
+    if (this.options.changedFiles || this.options.stagedFiles || this.options.since || this.options.prMode) {
+      inputPaths = this.getGitFilteredFiles();
+    }
+
+    // Apply file targeting
+    if (this.options.debug) {
+      console.log('🐛 Calling fileTargetingService.getTargetFiles with inputPaths:', inputPaths);
+    }
+    
+    return await this.fileTargetingService.getTargetFiles(inputPaths, config, targetingOptions);
+  }
+
+  /**
+   * Get files based on git filtering
+   * Rule C006: getGitFilteredFiles - verb-noun naming
+   */
+  getGitFilteredFiles() {
+    try {
+      let files = [];
+
+      if (this.options.changedFiles) {
+        const diffBase = this.options.diffBase || GitUtils.getPRDiffBase('main');
+        files = GitUtils.getChangedFiles(diffBase);
+      } else if (this.options.stagedFiles) {
+        files = GitUtils.getStagedFiles();
+      } else if (this.options.since) {
+        files = GitUtils.getChangedFilesSince(this.options.since);
+      } else if (this.options.prMode) {
+        const diffBase = this.options.diffBase || GitUtils.getPRDiffBase('main');
+        files = GitUtils.getChangedFiles(diffBase);
+      }
+
+      if (files.length === 0) {
+        console.log(chalk.yellow('⚠️  No changed files found'));
+        return [];
+      }
+
+      if (this.options.verbose) {
+        console.log(chalk.gray(`🔍 Found ${files.length} changed files`));
+      }
+
+      return files.map(file => require('path').resolve(file));
+    } catch (error) {
+      console.error(chalk.red('❌ Git operation failed:'), error.message);
+      if (this.options.debug) {
+        console.error(error.stack);
+      }
+      return [this.options.input]; // Fallback to regular input
+    }
+  }
+
+  /**
+   * Display file targeting statistics
+   * Rule C006: displayTargetingStats - verb-noun naming
+   */
+  displayTargetingStats(stats) {
+    if (this.options.quiet || this.options.format === 'json') {
+      return;
+    }
+
+    console.log(chalk.blue('\n📊 File Targeting Results:'));
+    console.log(chalk.gray(`   Total files: ${stats.totalFiles}`));
+    
+    if (Object.keys(stats.byLanguage).length > 0) {
+      console.log(chalk.gray('   By language:'));
+      for (const [language, count] of Object.entries(stats.byLanguage)) {
+        if (count > 0) {
+          console.log(chalk.gray(`     ${language}: ${count} files`));
+        }
+      }
+    }
+
+    console.log(chalk.gray('   By category:'));
+    console.log(chalk.gray(`     Source: ${stats.byCategory.source} files`));
+    console.log(chalk.gray(`     Test: ${stats.byCategory.test} files`));
+    console.log(chalk.gray(`     Config: ${stats.byCategory.config} files`));
+    console.log(chalk.gray(`     Other: ${stats.byCategory.other} files`));
+  }
+
   async showDryRunPreview(config) {
     console.log(chalk.yellow('🔍 Dry run mode - Analysis preview:'));
+    
+    // Apply file targeting to show which files would be analyzed
+    const targetingResult = await this.applyFileTargeting(config);
     const rulesToRun = await this.ruleSelectionService.selectRules(config, this.options);
     
     console.log(chalk.blue('📋 Sun Lint Analysis Preview:'));
     console.log(chalk.gray(`Input: ${this.options.input}`));
     console.log(chalk.gray(`Format: ${this.options.format}`));
     console.log(chalk.gray(`Rules to run: ${rulesToRun.length}`));
+    console.log(chalk.gray(`Files to analyze: ${targetingResult.files.length}`));
+    
+    // Show file targeting details
+    if (this.options.verbose || targetingResult.files.length <= 10) {
+      console.log(chalk.blue('\n📁 Target Files:'));
+      targetingResult.files.forEach(file => {
+        const relativePath = require('path').relative(process.cwd(), file);
+        console.log(`  ${chalk.gray(relativePath)}`);
+      });
+    }
+    
+    // Show targeting stats
+    this.displayTargetingStats(targetingResult.stats);
     
     if (rulesToRun.length > 0) {
-      console.log(chalk.blue('📋 Selected Rules:'));
+      console.log(chalk.blue('\n📋 Selected Rules:'));
       rulesToRun.forEach(rule => {
         console.log(`  ${chalk.cyan(rule.id)}: ${rule.name} (${rule.severity})`);
       });
     }
+    
+    // Show CLI file targeting options if provided
+    if (this.options.include || this.options.exclude || this.options.languages) {
+      console.log(chalk.blue('\n🎯 File Targeting Options:'));
+      if (this.options.include) {
+        console.log(`  Include: ${chalk.green(this.options.include)}`);
+      }
+      if (this.options.exclude) {
+        console.log(`  Exclude: ${chalk.red(this.options.exclude)}`);
+      }
+      if (this.options.languages) {
+        console.log(`  Languages: ${chalk.cyan(this.options.languages)}`);
+      }
+      if (this.options.excludeTests) {
+        console.log(`  Exclude tests: ${chalk.yellow('true')}`);
+      }
+      if (this.options.onlySource) {
+        console.log(`  Only source: ${chalk.yellow('true')}`);
+      }
+    }
   }
 
-  displayAnalysisInfo(rulesToRun) {
+  displayAnalysisInfo(rulesToRun, targetingResult) {
     if (this.options.quiet || this.options.format === 'json') return;
 
     console.log(chalk.green(`🚀 Running ${rulesToRun.length} rules on: ${this.options.input}`));
     
     const ruleIds = rulesToRun.map(r => r.id).join(', ');
     console.log(chalk.blue(`  📋 Rules: ${ruleIds}`));
+    
+    // Display file targeting stats if available
+    if (targetingResult && targetingResult.stats) {
+      this.displayTargetingStats(targetingResult.stats);
+    }
   }
 
   handleExit(results) {

package/core/cli-program.js

@@ -36,6 +36,15 @@ function createCliProgram() {
     .option('-o, --output <file>', 'Output file path')
     .option('--config <file>', 'Configuration file path', '.sunlint.json');
 
+  // File targeting options
+  program
+    .option('--include <patterns>', 'Include file patterns (comma-separated globs)')
+    .option('--exclude <patterns>', 'Exclude file patterns (comma-separated globs)')
+    .option('--languages <languages>', 'Target specific languages (comma-separated: typescript,dart,kotlin)')
+    .option('--include-tests', 'Include test files in analysis (default: true)')
+    .option('--exclude-tests', 'Exclude test files from analysis')
+    .option('--only-source', 'Only analyze source files (exclude tests, configs, etc.)');
+
   // CI/CD and Git integration options
   program
     .option('--changed-files', 'Only analyze files changed in current branch (git diff)')
@@ -74,6 +83,12 @@ Examples:
   $ sunlint --security --input=src
   $ sunlint --category=logging --input=src
 
+File Targeting:
+  $ sunlint --all --include="src/**/*.ts" --exclude="**/*.test.*" --input=.
+  $ sunlint --all --languages=typescript,dart --input=src
+  $ sunlint --typescript --exclude-tests --input=src
+  $ sunlint --all --only-source --include="src/**,lib/**" --input=.
+
 TypeScript Analysis (Phase 1):
   $ sunlint --typescript --input=src
   $ sunlint --rule=C006 --typescript --input=src
@@ -92,10 +107,11 @@ ESLint Integration:
   $ sunlint --all --eslint-integration --eslint-run-after --input=src
   $ sunlint --typescript --eslint-integration --changed-files
 
-AI-powered Analysis:
-  $ sunlint --rule=C019 --input=src --ai
-  $ sunlint --all --input=src --ai
-  $ sunlint --quality --input=src --no-ai
+Advanced File Targeting:
+  $ sunlint --all --include="src/**/*.ts,lib/**/*.dart" --exclude="**/*.generated.*" --input=.
+  $ sunlint --typescript --exclude="**/*.d.ts,**/*.test.*" --input=src
+  $ sunlint --languages=typescript,dart --include="src/**,packages/**" --input=.
+  $ sunlint --all --only-source --exclude-tests --languages=typescript --input=.
 
 Sun* Engineering - Coding Standards Made Simple ☀️
 `);

package/core/config-manager.js

@@ -28,11 +28,87 @@ class ConfigManager {
     this.defaultConfig = {
       rules: {},
       categories: {},
-      languages: ['typescript', 'dart'],
-      include: ['**/*.ts', '**/*.tsx', '**/*.dart', '**/*.js', '**/*.jsx'],
-      exclude: ['**/node_modules/**', '**/build/**', '**/dist/**'],
-      ignorePatterns: [],
-      overrides: [],
+      
+      // Enhanced language-specific configuration
+      languages: {
+        typescript: {
+          include: ['**/*.ts', '**/*.tsx', '**/*.mts', '**/*.cts'],
+          exclude: ['**/*.d.ts', '**/*.test.ts', '**/*.spec.ts'],
+          parser: 'typescript'
+        },
+        javascript: {
+          include: ['**/*.js', '**/*.jsx', '**/*.mjs', '**/*.cjs'],
+          exclude: ['**/*.min.js', '**/*.bundle.js'],
+          parser: 'espree'
+        },
+        dart: {
+          include: ['**/*.dart'],
+          exclude: ['**/*.g.dart', '**/*.freezed.dart', '**/*.mocks.dart'],
+          parser: 'dart'
+        },
+        kotlin: {
+          include: ['**/*.kt', '**/*.kts'],
+          exclude: ['**/build/**', '**/generated/**'],
+          parser: 'kotlin'
+        }
+      },
+      
+      // Global file patterns (cross-language)
+      include: [
+        'src/**',
+        'lib/**', 
+        'app/**',
+        'packages/**'
+      ],
+      
+      exclude: [
+        'node_modules/**',
+        'dist/**',
+        'build/**',
+        'coverage/**',
+        '.git/**',
+        '**/*.min.*',
+        '**/*.bundle.*',
+        '**/generated/**',
+        '**/*.generated.*',
+        '.next/**',
+        '.nuxt/**',
+        'vendor/**'
+      ],
+
+      // Test file patterns with specific rules
+      testPatterns: {
+        include: ['**/*.test.*', '**/*.spec.*', '**/test/**', '**/tests/**', '**/__tests__/**'],
+        rules: {
+          'C006': 'off',  // Function naming less strict in tests
+          'C019': 'warn'  // Log level still important in tests
+        }
+      },
+
+      // Rule-specific overrides for different contexts
+      overrides: [
+        {
+          files: ['**/*.d.ts'],
+          rules: {
+            'C006': 'off',
+            'C007': 'off'
+          }
+        },
+        {
+          files: ['**/migrations/**', '**/seeds/**'],
+          rules: {
+            'C031': 'off'  // Validation separation not needed in migrations
+          }
+        },
+        {
+          files: ['**/config/**', '**/*.config.*'],
+          rules: {
+            'C006': 'warn',  // Config files may have different naming
+            'C015': 'off'    // Domain language not strict in config
+          }
+        }
+      ],
+
       env: {},
       parserOptions: {},
       // ESLint Integration Configuration
@@ -115,7 +191,7 @@ class ConfigManager {
         }
       } else {
         // Load from dedicated config file
-        projectConfig = this.sourceLoader.loadConfiguration(resolvedConfigPath, cliOptions.verbose);
+        projectConfig = this.sourceLoader.loadSpecificConfigFile(resolvedConfigPath, cliOptions.verbose);
       }
       
       if (projectConfig) {
@@ -126,21 +202,25 @@ class ConfigManager {
       }
     }
 
-    // 6. Load ignore patterns (.sunlintignore)
+    // 6. Load ignore patterns (.sunlintignore) and merge into exclude
     const ignorePatterns = this.sourceLoader.loadIgnorePatterns(
       projectConfig?.dir || process.cwd(), 
       cliOptions.verbose
     );
-    config.ignorePatterns = [...(config.ignorePatterns || []), ...ignorePatterns];
+    if (ignorePatterns.length > 0) {
+      config.exclude = [...new Set([...(config.exclude || []), ...ignorePatterns])];
+    }
+    
+    // 7. Process any deprecated ignorePatterns in config
     config = this.merger.processIgnorePatterns(config);
 
-    // 7. Apply CLI overrides (highest priority)
+    // 8. Apply CLI overrides (highest priority)
     config = this.merger.applyCLIOverrides(config, cliOptions);
 
-    // 8. Resolve extends
+    // 9. Resolve extends
     config = await this.resolveExtends(config);
 
-    // 9. Validate config
+    // 10. Validate config
     this.validator.validateConfiguration(config);
 
     return config;

package/core/config-merger.js

@@ -124,10 +124,22 @@ class ConfigMerger {
 
   /**
    * Rule C006: processIgnorePatterns - verb-noun naming
+   * Convert deprecated ignorePatterns to exclude for backward compatibility
    */
   processIgnorePatterns(config) {
     if (config.ignorePatterns && config.ignorePatterns.length > 0) {
+      console.warn('⚠️  DEPRECATED: "ignorePatterns" is deprecated. Please use "exclude" instead.');
+      
+      // Initialize exclude if it doesn't exist
+      if (!config.exclude) {
+        config.exclude = [];
+      }
+      
+      // Merge ignorePatterns into exclude and remove duplicates
       config.exclude = [...new Set([...config.exclude, ...config.ignorePatterns])];
+      
+      // Remove the deprecated property
+      delete config.ignorePatterns;
     }
     return config;
   }