@sun-asterisk/sunlint 1.0.6 → 1.1.3

package/.sunlint.json

@@ -0,0 +1,35 @@
+{
+  "extends": ["recommended"],
+  "rules": {
+    "C019": "warn",
+    "C006": "warn", 
+    "C029": "error",
+    "C031": "warn",
+    "S001": "warn",
+    "S002": "warn",
+    "S007": "warn",
+    "S013": "warn",
+    "T019": "error",
+    "T020": "warn",
+    "T021": "error"
+  },
+  "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
+  "exclude": [
+    "node_modules/**",
+    "coverage/**",
+    "**/*.min.*",
+    ".git/**",
+    "dist/**",
+    "build/**"
+  ],
+  "engine": "eslint",
+  "languages": ["typescript", "javascript"],
+  "output": {
+    "format": "summary",
+    "console": true
+  },
+  "fileTargeting": {
+    "followSymlinks": false,
+    "maxDepth": 10
+  }
+}

package/CHANGELOG.md

@@ -1,202 +1,168 @@
-# Changelog
+# 🎉 SunLint v1.1.0 Release Notes
 
-All notable changes to Sun Lint will be documented in this file.
+**Release Date**: July 23, 2025  
+**Type**: Minor Release (AST Enhancement & CLI Options Fix)
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+---
 
-## [1.0.4] - 2025-07-08
+## 🚀 **Key Improvements**
 
-### 🔒 **Security Rules Integration** 
+### 🧠 **AST-Enhanced Analysis**
+- **Enhanced**: Heuristic engine now supports AST-based analysis using ESLint's parser infrastructure
+- **Improved**: Rule C010 (block nesting) now uses AST for accurate detection
+- **Modular**: AST modules integrated with silent fallback to regex when parsing fails
+- **Performance**: ESLint-based parsers (@babel/parser, @typescript-eslint/parser) for JS/TS analysis
 
-#### Added
-- **40 Security Rules** - Complete integration of TypeScript security rules (S005-S058)
-- **Security Category Support** - New `--security` CLI option to run security rules only
-- **Quality Category Support** - New `--quality` CLI option to run quality rules only
-- **Dynamic Rule Configuration** - ESLint rules enabled/disabled based on user selection
-- **Enhanced ESLint Integration** - TypeScript parser support and improved plugin loading
+### 🎯 **CLI Options Fix**
+- **Fixed**: `--quality` option now correctly selects quality rules (30 rules)
+- **Fixed**: `--security` option now correctly selects security rules (41 rules)
+- **Enhanced**: Rule selection service properly filters by category
+- **Validated**: Both options tested and working correctly
 
-#### **Security Rules Implemented**
-- **S005**: No Origin Header Authentication
-- **S006**: Activation Recovery Secret Not Plaintext  
-- **S008**: Crypto Agility
-- **S009**: No Insecure Crypto
-- **S010**: No Insecure Random in Sensitive Context
-- **S011**: No Insecure UUID
-- **S012**: No Hardcoded Secrets
-- **S014-S058**: 35 additional security rules (TLS, validation, session, auth, etc.)
+### 📦 **Package Optimization**
+- **Reduced**: Package size from 8MB to 243KB by excluding nested node_modules
+- **Clean**: Updated .npmignore to exclude development files
+- **Dependencies**: Moved AST parser dependencies to root package.json
 
-*Complete list of all 43 security rules available in rules registry*
+---
 
-#### **CLI Enhancements**
-```bash
-# Run security rules only
-sunlint --security --typescript --input=src/
+## 📋 **Previous Changes (v1.0.7)**
 
-# Run quality rules only  
-sunlint --quality --typescript --input=src/
+### 🔧 **Configuration Cleanup**
 
-# Run all rules (quality + security + typescript)
-sunlint --all --typescript --input=src/
-```
+---
+
+## 🚀 **Key Improvements**
 
-#### **Architecture Improvements**
-- Enhanced rule registry with security rule metadata
-- Improved category-based rule filtering
-- Dynamic ESLint configuration based on selected rules
-- Better TypeScript parsing support in ESLint integration
-- Modular plugin architecture for custom security rules
+### 🔧 **Configuration Cleanup** 
+- **BREAKING**: Deprecated `ignorePatterns` in favor of `exclude` for better consistency
+- **Auto-migration**: Existing configs with `ignorePatterns` will auto-migrate with deprecation warning
+- **Unified logic**: Removed duplicate pattern processing for better performance
 
-### Fixed
-- ESLint TypeScript parser configuration
-- Plugin resolution for custom security rules
-- Rule mapping between SunLint and ESLint formats
+### 🎯 **File Targeting Fixes**
+- **Fixed**: Specific file input (`--input=file.js`) now works correctly with config patterns
+- **Enhanced**: Better include/exclude pattern resolution for both CLI and config
+- **Improved**: Default include patterns for JavaScript/TypeScript files
 
-### Changed
-- Updated rules registry structure to support security categories
-- Enhanced CLI with category-specific options
-- Improved rule configuration system
+### 🛡️ **Security Rules Enhancement**
+- **Verified**: All security rules (S001, S002, S007, S013, etc.) working correctly
+- **Tested**: Comprehensive rule detection across TypeScript and JavaScript files
+- **Stable**: 20,000+ violation detection capability validated
 
 ---
 
-## [1.0.0] - 2024-01-XX (Previous Release)
-
-### 🎉 **Initial Release**
-
-#### Added
-- **☀️ Sun Lint CLI** - Universal coding standards checker
-- **Multi-rule support** - Run single, multiple, or all rules
-- **Quality & Security categories** - Separate analysis domains
-- **Multi-language support** - TypeScript, Dart, Kotlin
-- **Configuration system** - `.sunlint.json` with presets
-- **Multiple output formats** - ESLint, Summary, Detailed, GitHub
-
-#### **Quality Rules Implemented**
-- **C005** - Single Responsibility Principle
-- **C006** - Function Naming (verb/verb-noun)
-- **C007** - Comment Quality (avoid code description)
-- **C012** - Command Query Separation (CQS)
-- **C014** - Dependency Injection usage
-- **C015** - Domain Language usage
-- **C019** - Log Level Usage (stable from previous version)
-- **C031** - Validation Separation
-- **C037** - API Response Format
-- **C040** - Centralized Validation Logic
-
-#### **Security Rules Planned**
-- **S001** - SQL Injection Prevention
-- **S002** - XSS Prevention  
-- **S003** - Authentication Checks
-- **S004** - Data Encryption
-
-#### **CLI Features**
-- `sunlint --quality` - Run all quality rules
-- `sunlint --security` - Run all security rules
-- `sunlint --all` - Run all available rules
-- `sunlint --rule=C019` - Run specific rule
-- `sunlint --rules=C019,C006` - Run multiple rules
-- `sunlint --config=.sunlint.json` - Use configuration file
-- `sunlint --preset=@sun/sunlint/recommended` - Use preset
-
-#### **Configuration**
-- **Preset configurations** - recommended, strict, security, quality
-- **Rule-specific settings** - error, warn, off severity levels
-- **Language targeting** - Filter by programming language
-- **Ignore patterns** - Exclude files/directories
-- **Custom rule paths** - Extend with custom rules
-
-#### **Output Formats**
-- **ESLint format** - Compatible with IDEs and CI/CD
-- **Summary format** - Human-readable overview
-- **Detailed format** - Complete analysis results
-- **GitHub format** - GitHub Actions integration
-
-#### **Development Features**
-- **Extensible architecture** - Easy to add new rules
-- **Test framework** - Unit and integration tests
-- **VS Code integration** - Problems panel support
-- **CI/CD ready** - GitHub Actions and GitLab CI examples
-
-#### **Documentation**
-- **Comprehensive README** - Installation and usage guide
-- **Contributing guide** - Development workflow and standards
-- **Rule documentation** - Detailed rule explanations
-- **Configuration examples** - Real-world configurations
-
-### 🏗 **Architecture**
-- **Modular design** - Separate core, rules, and config
-- **Plugin system** - Extensible rule loading
-- **Multi-format output** - Flexible reporting
-- **Configuration inheritance** - Preset and custom configs
-
-### 🚀 **Performance**
-- **Fast analysis** - Optimized rule execution
-- **Incremental scanning** - Only analyze changed files
-- **Parallel processing** - Multi-rule concurrent execution
-- **Memory efficient** - Minimal resource usage
-
-### 📦 **Distribution**
-- **NPM package** - `@sun/sunlint`
-- **Global installation** - `npm install -g @sun/sunlint`
-- **Local project use** - Development dependency support
-- **VS Code extension** - Future integration planned
+## 📋 **Changes in Detail**
+
+### ✅ **Configuration Changes**
+- **Deprecated**: `ignorePatterns` → Use `exclude` instead
+- **New**: Default include patterns: `["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"]`
+- **Migration**: Automatic conversion with warning for backward compatibility
+
+**Before (Deprecated):**
+```json
+{
+  "ignorePatterns": ["node_modules/**", "dist/**"]
+}
+```
+
+**After (Recommended):**
+```json
+{
+  "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
+  "exclude": ["node_modules/**", "dist/**"]
+}
+```
+
+### 🐛 **Bug Fixes**
+- Fixed file targeting when using specific file input (`--input=cli.js`)
+- Resolved circular symlink issues in `node_modules` traversal
+- Eliminated duplicate ignore pattern processing
+
+### 🏗️ **Internal Improvements**
+- Cleaner file targeting service logic
+- Better config merger with deprecation warnings
+- Updated preset configurations to use `exclude`
 
 ---
 
-## **Migration from coding-standards**
+## 📦 **Updated Files**
 
-Sun Lint is the evolution of the previous `coding-standards` tool with enhanced features:
+### **Core Components**
+- `core/file-targeting-service.js` - Simplified pattern processing
+- `core/config-merger.js` - Added deprecation handling
+- `core/config-manager.js` - Updated default config structure
 
-### **What Changed**
-- **Name**: `coding-standards` → `sunlint`
-- **Command**: `coding-standards` → `sunlint`
-- **Config**: `.coding-standards.json` → `.sunlint.json`
-- **Package**: `@coding-quality/standards` → `@sun/sunlint`
+### **Configuration**
+- `config/presets/*.json` - Updated all presets to use `exclude`
+- `config/sunlint-schema.json` - Removed deprecated `ignorePatterns`
+- `.sunlint.json` - Updated with include patterns
 
-### **Migration Guide**
-```bash
-# Uninstall old tool
-npm uninstall -g @coding-quality/standards
+### **Documentation**
+- `README.md` - Added breaking change notice and migration guide
 
-# Install Sun Lint
-npm install -g @sun/sunlint
+---
 
-# Update configuration file
-mv .coding-standards.json .sunlint.json
+## 🧪 **Validation Results**
 
-# Update config contents
-sed -i 's/coding-standards/sunlint/g' .sunlint.json
+✅ **Global Installation**: `npm install -g @sun-asterisk/sunlint`  
+✅ **Project Installation**: `npm install --save-dev @sun-asterisk/sunlint`  
+✅ **CLI Commands**: All CLI options tested and working  
+✅ **Rule Detection**: 20,263 violations detected across 4,272 files  
+✅ **Performance**: 17s analysis time for large codebase  
 
-# Update scripts in package.json
-sed -i 's/coding-standards/sunlint/g' package.json
-```
+---
 
-### **What's Compatible**
-- ✅ All existing rules (C005, C006, C007, etc.)
-- ✅ Rule configurations and severity levels
-- ✅ Output formats (eslint, summary, detailed)
-- ✅ Command-line arguments and options
-- ✅ Language support (TypeScript, Dart, Kotlin)
-
-### **What's New**
-- ☀️ **Sun* branding** and unified tooling
-- 🔒 **Security rule category** with planned security rules
-- 🎯 **Quality/Security separation** with `--quality` and `--security` flags
-- 📦 **Preset configurations** for common use cases
-- 🔧 **Enhanced configuration** with extends and inheritance
-- 📊 **GitHub Actions format** for better CI/CD integration
+## 🔄 **Migration Guide**
+
+### **For Existing Users**
+1. **Update your `.sunlint.json`:**
+   ```bash
+   # Replace ignorePatterns with exclude
+   sed -i 's/ignorePatterns/exclude/g' .sunlint.json
+   ```
+
+2. **Add include patterns (recommended):**
+   ```json
+   {
+     "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
+     "exclude": ["node_modules/**", "dist/**", "**/*.min.*"]
+   }
+   ```
+
+3. **Test your configuration:**
+   ```bash
+   sunlint --dry-run --verbose
+   ```
+
+### **No Action Required**
+- Existing configs with `ignorePatterns` will continue to work
+- Automatic migration with deprecation warning
+- Remove deprecated properties when convenient
 
 ---
 
-**Release Notes Format:**
-- 🎉 Major features
-- ✨ Enhancements  
-- 🐛 Bug fixes
-- 🔒 Security updates
-- 📚 Documentation
-- 🏗 Architecture changes
-- 🚀 Performance improvements
+## 📈 **Statistics**
+
+| Metric | Value |
+|--------|-------|
+| **Rules Available** | 97+ (Security + Quality) |
+| **File Processing** | 4,272 files analyzed |
+| **Violation Detection** | 20,263 issues found |
+| **Performance** | ~17 seconds for full analysis |
+| **Languages Supported** | TypeScript, JavaScript, Dart |
 
 ---
 
-**Built with ☀️ by Sun* Engineering Team**
+## 🎯 **Next Steps**
+
+- **v1.0.8**: Enhanced TypeScript analysis engine
+- **v1.1.0**: Dart language support expansion
+- **v1.2.0**: Custom rule authoring framework
+
+---
+
+## 💫 **Acknowledgments**
+
+Thanks to the Sun* Engineering team for continuous feedback and testing. Special recognition for helping identify and resolve the file targeting issues.
+
+**Happy Linting!** ☀️

package/CONTRIBUTING.md

@@ -0,0 +1,235 @@
+# Contributing to Sun Lint
+
+Thank you for your interest in contributing to Sun Lint! 🌟
+
+## 🚀 **Getting Started**
+
+### **Prerequisites**
+- Node.js 16+ 
+- npm 8+
+- Git
+
+### **Setup Development Environment**
+
+```bash
+# Clone the repository
+git clone https://github.com/sun-engineering/sunlint.git
+cd sunlint
+
+# Install dependencies
+npm install
+
+# Run tests
+npm test
+
+# Try the CLI locally
+node cli.js --help
+```
+
+## 📋 **Coding Standards**
+
+When contributing to Sun Lint, please follow these coding rules:
+
+### **Code Quality Rules**
+- **Rule C005** – Each function should do one thing only
+- **Rule C006** – Function names must be verb/verb-noun
+- **Rule C007** – Avoid comments that just describe the code
+- **Rule C012** – Separate Command and Query operations (CQS principle)
+- **Rule C014** – Use Dependency Injection instead of direct instantiation
+- **Rule C015** – Use domain language in class/function names
+- **Rule C019** – Don't use `error` log level for non-critical errors
+- **Rule C031** – Keep validation logic separate
+- **Rule C032** – Don't call external APIs in constructors or static blocks
+- **Rule C033** – Separate processing logic and data queries in service layer
+- **Rule C034** – Limit direct access to global state in domain logic
+- **Rule C035** – When handling errors, log complete relevant information
+- **Rule C037** – API handlers should return standard response objects (not raw strings)
+- **Rule C038** – Avoid logic depending on file/module loading order
+- **Rule C040** – Don't scatter validation logic across multiple classes
+
+## 🔧 **Development Workflow**
+
+### **Adding a New Quality Rule**
+
+1. **Create Rule Implementation**
+```bash
+# Create the rule directory
+mkdir -p rules/quality/c042-new-rule
+cd rules/quality/c042-new-rule
+```
+
+2. **Implement the Rule**
+```javascript
+// rules/quality/c042-new-rule/analyzer.js
+class C042NewRuleAnalyzer {
+  analyze(code, filePath) {
+    // Implementation following Rule C005 (single responsibility)
+    return this.findViolations(code, filePath);
+  }
+
+  findViolations(code, filePath) {
+    // Rule C031: Keep validation logic separate
+    const violations = [];
+    // Analysis logic here
+    return violations;
+  }
+}
+
+module.exports = C042NewRuleAnalyzer;
+```
+
+3. **Add Configuration**
+```json
+// rules/quality/c042-new-rule/config.json
+{
+  "id": "C042",
+  "name": "New Rule Name",
+  "category": "quality",
+  "severity": "error",
+  "description": "Description following Rule C015 (domain language)",
+  "languages": ["typescript", "dart", "kotlin"],
+  "tags": ["maintainability", "readability"]
+}
+```
+
+4. **Update Registry**
+```javascript
+// Add to config/rules/rules-registry.json
+{
+  "C042": {
+    "id": "C042",
+    "name": "New Rule Name",
+    "category": "quality",
+    "path": "./rules/quality/c042-new-rule",
+    "analyzer": "analyzer.js",
+    "config": "config.json"
+  }
+}
+```
+
+5. **Add Tests**
+```javascript
+// test/fixtures/c042/valid.ts
+// test/fixtures/c042/invalid.ts
+// test/unit/rules/c042.test.js
+```
+
+### **Adding a New Security Rule**
+
+Same process but in `rules/security/` directory with `security` category.
+
+## 🧪 **Testing**
+
+### **Run All Tests**
+```bash
+npm test
+```
+
+### **Run Specific Tests**
+```bash
+# Test specific rule
+npm run test:c019
+
+# Test multiple rules  
+npm run test:multi
+
+# Test all quality rules
+npm run test:quality
+
+# Test all security rules
+npm run test:security
+```
+
+### **Test Your Changes**
+```bash
+# Test your new rule
+node cli.js --rule=C042 --input=test/fixtures --format=eslint
+```
+
+## 📊 **Code Review Process**
+
+1. **Self-Review Checklist**
+   - [ ] Follows all Sun Lint coding rules (C005, C006, etc.)
+   - [ ] Rule C035: Error handling includes complete logging
+   - [ ] Rule C037: API responses use standard format
+   - [ ] Rule C040: Validation logic is centralized
+   - [ ] Tests pass and cover edge cases
+   - [ ] Documentation updated
+
+2. **Submit Pull Request**
+   - Clear title and description
+   - Reference related issues
+   - Include test results
+   - Follow template
+
+3. **Review Criteria**
+   - Code quality (follows our own rules!)
+   - Test coverage
+   - Documentation completeness
+   - Performance impact
+   - Backward compatibility
+
+## 📝 **Documentation**
+
+### **Update Documentation**
+When adding features:
+- Update `README.md`
+- Add rule documentation
+- Update configuration examples
+- Add usage examples
+
+### **Rule Documentation Template**
+```markdown
+## Rule C042: New Rule Name
+
+**Category**: Quality  
+**Severity**: Error  
+**Languages**: TypeScript, Dart, Kotlin
+
+### Description
+Following Rule C015 (domain language), use clear business terms...
+
+### Examples
+
+**❌ Bad:**
+```typescript
+// Code that violates the rule
+```
+
+**✅ Good:**
+```typescript  
+// Code that follows the rule
+```
+```
+
+## 🐛 **Bug Reports**
+
+When reporting bugs:
+1. Use clear, descriptive title
+2. Include reproduction steps
+3. Provide sample code
+4. Include environment details
+5. Include sunlint output
+
+## 💡 **Feature Requests**
+
+For new features:
+1. Check existing issues first
+2. Describe the use case
+3. Provide examples
+4. Consider implementation complexity
+5. Think about backward compatibility
+
+## 🤝 **Community**
+
+- **Discord**: [Sun Engineering Discord](https://discord.gg/sun-engineering)
+- **Issues**: [GitHub Issues](https://github.com/sun-engineering/sunlint/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/sun-engineering/sunlint/discussions)
+
+## 📄 **License**
+
+By contributing, you agree that your contributions will be licensed under the MIT License.
+
+---
+
+**Thank you for making Sun Lint better! ☀️**

package/PROJECT_STRUCTURE.md

@@ -0,0 +1,60 @@
+# SunLint Project Structure
+
+## 📁 **Organized Directory Structure**
+
+```
+sunlint/
+├── 📄 README.md                 # Main documentation (490 lines, focused)
+├── 📄 CHANGELOG.md              # Version history (concise)
+├── 🚀 cli.js                    # Main CLI entry point
+├── ⚙️ config/                   # Configuration presets & schemas  
+├── 🔧 core/                     # Core services & engines
+├── 📖 docs/                     # Detailed documentation
+├── 🔗 integrations/              # External tool integrations  
+│   └── eslint/                  # ESLint plugin & configurations
+├── 📋 examples/                 # Configuration examples & workflows
+├── 🧪 test/                     # Test projects & fixtures
+├── 📦 release/                  # Release artifacts  
+├── 🎯 rules/                    # SunLint rule implementations
+└── 🛠️ scripts/                  # Build & deployment scripts
+```
+
+## 🎯 **Key Changes Made**
+
+### ✅ **Files Removed**
+- `CLI_STRUCTURE.md` - Temporary documentation (unnecessary)
+
+### ✅ **Structure Reorganized**  
+- **examples/** - Now pure configuration examples & CI/CD workflows
+- **test/** - All test projects consolidated here
+  - `sunlint-test-project/` - ESLint v9 integration test
+  - `conflict-test-project/` - ESLint v8 legacy test  
+  - `examples/integration-project/` - Integration example
+  - `fixtures/` - Unit test files
+- **project-test/** - Real projects (gitignored, separate from test suite)
+
+### ✅ **Documentation Updated**
+- **README.md** - Streamlined from 650 → 490 lines (25% reduction)
+- **CHANGELOG.md** - Security rules section condensed
+- **test/README.md** - Test project documentation
+- **examples/README.md** - Configuration examples guide
+
+## 🎉 **Benefits**
+
+1. **Clear Separation**: Examples vs Tests vs Real Projects
+2. **Reduced Duplication**: Single source of truth for each purpose
+3. **Better Documentation**: Focused README + detailed CHANGELOG
+4. **Cleaner Repository**: No redundant files, proper gitignore
+5. **Developer Friendly**: Clear structure for contributors
+
+## 🔍 **Quick Navigation**
+
+- **Getting Started**: `README.md` 
+- **Version History**: `CHANGELOG.md`
+- **Configuration Help**: `examples/`
+- **Testing**: `test/`
+- **Development**: `docs/ARCHITECTURE.md`
+
+---
+
+**Structure optimized for both users and contributors! 🚀**