@sun-asterisk/sunlint 1.0.7 → 1.1.3

package/.sunlint.json

@@ -0,0 +1,35 @@
+{
+  "extends": ["recommended"],
+  "rules": {
+    "C019": "warn",
+    "C006": "warn", 
+    "C029": "error",
+    "C031": "warn",
+    "S001": "warn",
+    "S002": "warn",
+    "S007": "warn",
+    "S013": "warn",
+    "T019": "error",
+    "T020": "warn",
+    "T021": "error"
+  },
+  "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
+  "exclude": [
+    "node_modules/**",
+    "coverage/**",
+    "**/*.min.*",
+    ".git/**",
+    "dist/**",
+    "build/**"
+  ],
+  "engine": "eslint",
+  "languages": ["typescript", "javascript"],
+  "output": {
+    "format": "summary",
+    "console": true
+  },
+  "fileTargeting": {
+    "followSymlinks": false,
+    "maxDepth": 10
+  }
+}

package/CHANGELOG.md

@@ -1,7 +1,34 @@
-# 🎉 SunLint v1.0.7 Release Notes
+# 🎉 SunLint v1.1.0 Release Notes
 
-**Release Date**: July 20, 2025  
-**Type**: Minor Release (Bug Fixes & Configuration Improvements)
+**Release Date**: July 23, 2025  
+**Type**: Minor Release (AST Enhancement & CLI Options Fix)
+
+---
+
+## 🚀 **Key Improvements**
+
+### 🧠 **AST-Enhanced Analysis**
+- **Enhanced**: Heuristic engine now supports AST-based analysis using ESLint's parser infrastructure
+- **Improved**: Rule C010 (block nesting) now uses AST for accurate detection
+- **Modular**: AST modules integrated with silent fallback to regex when parsing fails
+- **Performance**: ESLint-based parsers (@babel/parser, @typescript-eslint/parser) for JS/TS analysis
+
+### 🎯 **CLI Options Fix**
+- **Fixed**: `--quality` option now correctly selects quality rules (30 rules)
+- **Fixed**: `--security` option now correctly selects security rules (41 rules)
+- **Enhanced**: Rule selection service properly filters by category
+- **Validated**: Both options tested and working correctly
+
+### 📦 **Package Optimization**
+- **Reduced**: Package size from 8MB to 243KB by excluding nested node_modules
+- **Clean**: Updated .npmignore to exclude development files
+- **Dependencies**: Moved AST parser dependencies to root package.json
+
+---
+
+## 📋 **Previous Changes (v1.0.7)**
+
+### 🔧 **Configuration Cleanup**
 
 ---
 

package/CONTRIBUTING.md

@@ -0,0 +1,235 @@
+# Contributing to Sun Lint
+
+Thank you for your interest in contributing to Sun Lint! 🌟
+
+## 🚀 **Getting Started**
+
+### **Prerequisites**
+- Node.js 16+ 
+- npm 8+
+- Git
+
+### **Setup Development Environment**
+
+```bash
+# Clone the repository
+git clone https://github.com/sun-engineering/sunlint.git
+cd sunlint
+
+# Install dependencies
+npm install
+
+# Run tests
+npm test
+
+# Try the CLI locally
+node cli.js --help
+```
+
+## 📋 **Coding Standards**
+
+When contributing to Sun Lint, please follow these coding rules:
+
+### **Code Quality Rules**
+- **Rule C005** – Each function should do one thing only
+- **Rule C006** – Function names must be verb/verb-noun
+- **Rule C007** – Avoid comments that just describe the code
+- **Rule C012** – Separate Command and Query operations (CQS principle)
+- **Rule C014** – Use Dependency Injection instead of direct instantiation
+- **Rule C015** – Use domain language in class/function names
+- **Rule C019** – Don't use `error` log level for non-critical errors
+- **Rule C031** – Keep validation logic separate
+- **Rule C032** – Don't call external APIs in constructors or static blocks
+- **Rule C033** – Separate processing logic and data queries in service layer
+- **Rule C034** – Limit direct access to global state in domain logic
+- **Rule C035** – When handling errors, log complete relevant information
+- **Rule C037** – API handlers should return standard response objects (not raw strings)
+- **Rule C038** – Avoid logic depending on file/module loading order
+- **Rule C040** – Don't scatter validation logic across multiple classes
+
+## 🔧 **Development Workflow**
+
+### **Adding a New Quality Rule**
+
+1. **Create Rule Implementation**
+```bash
+# Create the rule directory
+mkdir -p rules/quality/c042-new-rule
+cd rules/quality/c042-new-rule
+```
+
+2. **Implement the Rule**
+```javascript
+// rules/quality/c042-new-rule/analyzer.js
+class C042NewRuleAnalyzer {
+  analyze(code, filePath) {
+    // Implementation following Rule C005 (single responsibility)
+    return this.findViolations(code, filePath);
+  }
+
+  findViolations(code, filePath) {
+    // Rule C031: Keep validation logic separate
+    const violations = [];
+    // Analysis logic here
+    return violations;
+  }
+}
+
+module.exports = C042NewRuleAnalyzer;
+```
+
+3. **Add Configuration**
+```json
+// rules/quality/c042-new-rule/config.json
+{
+  "id": "C042",
+  "name": "New Rule Name",
+  "category": "quality",
+  "severity": "error",
+  "description": "Description following Rule C015 (domain language)",
+  "languages": ["typescript", "dart", "kotlin"],
+  "tags": ["maintainability", "readability"]
+}
+```
+
+4. **Update Registry**
+```javascript
+// Add to config/rules/rules-registry.json
+{
+  "C042": {
+    "id": "C042",
+    "name": "New Rule Name",
+    "category": "quality",
+    "path": "./rules/quality/c042-new-rule",
+    "analyzer": "analyzer.js",
+    "config": "config.json"
+  }
+}
+```
+
+5. **Add Tests**
+```javascript
+// test/fixtures/c042/valid.ts
+// test/fixtures/c042/invalid.ts
+// test/unit/rules/c042.test.js
+```
+
+### **Adding a New Security Rule**
+
+Same process but in `rules/security/` directory with `security` category.
+
+## 🧪 **Testing**
+
+### **Run All Tests**
+```bash
+npm test
+```
+
+### **Run Specific Tests**
+```bash
+# Test specific rule
+npm run test:c019
+
+# Test multiple rules  
+npm run test:multi
+
+# Test all quality rules
+npm run test:quality
+
+# Test all security rules
+npm run test:security
+```
+
+### **Test Your Changes**
+```bash
+# Test your new rule
+node cli.js --rule=C042 --input=test/fixtures --format=eslint
+```
+
+## 📊 **Code Review Process**
+
+1. **Self-Review Checklist**
+   - [ ] Follows all Sun Lint coding rules (C005, C006, etc.)
+   - [ ] Rule C035: Error handling includes complete logging
+   - [ ] Rule C037: API responses use standard format
+   - [ ] Rule C040: Validation logic is centralized
+   - [ ] Tests pass and cover edge cases
+   - [ ] Documentation updated
+
+2. **Submit Pull Request**
+   - Clear title and description
+   - Reference related issues
+   - Include test results
+   - Follow template
+
+3. **Review Criteria**
+   - Code quality (follows our own rules!)
+   - Test coverage
+   - Documentation completeness
+   - Performance impact
+   - Backward compatibility
+
+## 📝 **Documentation**
+
+### **Update Documentation**
+When adding features:
+- Update `README.md`
+- Add rule documentation
+- Update configuration examples
+- Add usage examples
+
+### **Rule Documentation Template**
+```markdown
+## Rule C042: New Rule Name
+
+**Category**: Quality  
+**Severity**: Error  
+**Languages**: TypeScript, Dart, Kotlin
+
+### Description
+Following Rule C015 (domain language), use clear business terms...
+
+### Examples
+
+**❌ Bad:**
+```typescript
+// Code that violates the rule
+```
+
+**✅ Good:**
+```typescript  
+// Code that follows the rule
+```
+```
+
+## 🐛 **Bug Reports**
+
+When reporting bugs:
+1. Use clear, descriptive title
+2. Include reproduction steps
+3. Provide sample code
+4. Include environment details
+5. Include sunlint output
+
+## 💡 **Feature Requests**
+
+For new features:
+1. Check existing issues first
+2. Describe the use case
+3. Provide examples
+4. Consider implementation complexity
+5. Think about backward compatibility
+
+## 🤝 **Community**
+
+- **Discord**: [Sun Engineering Discord](https://discord.gg/sun-engineering)
+- **Issues**: [GitHub Issues](https://github.com/sun-engineering/sunlint/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/sun-engineering/sunlint/discussions)
+
+## 📄 **License**
+
+By contributing, you agree that your contributions will be licensed under the MIT License.
+
+---
+
+**Thank you for making Sun Lint better! ☀️**

package/PROJECT_STRUCTURE.md

@@ -0,0 +1,60 @@
+# SunLint Project Structure
+
+## 📁 **Organized Directory Structure**
+
+```
+sunlint/
+├── 📄 README.md                 # Main documentation (490 lines, focused)
+├── 📄 CHANGELOG.md              # Version history (concise)
+├── 🚀 cli.js                    # Main CLI entry point
+├── ⚙️ config/                   # Configuration presets & schemas  
+├── 🔧 core/                     # Core services & engines
+├── 📖 docs/                     # Detailed documentation
+├── 🔗 integrations/              # External tool integrations  
+│   └── eslint/                  # ESLint plugin & configurations
+├── 📋 examples/                 # Configuration examples & workflows
+├── 🧪 test/                     # Test projects & fixtures
+├── 📦 release/                  # Release artifacts  
+├── 🎯 rules/                    # SunLint rule implementations
+└── 🛠️ scripts/                  # Build & deployment scripts
+```
+
+## 🎯 **Key Changes Made**
+
+### ✅ **Files Removed**
+- `CLI_STRUCTURE.md` - Temporary documentation (unnecessary)
+
+### ✅ **Structure Reorganized**  
+- **examples/** - Now pure configuration examples & CI/CD workflows
+- **test/** - All test projects consolidated here
+  - `sunlint-test-project/` - ESLint v9 integration test
+  - `conflict-test-project/` - ESLint v8 legacy test  
+  - `examples/integration-project/` - Integration example
+  - `fixtures/` - Unit test files
+- **project-test/** - Real projects (gitignored, separate from test suite)
+
+### ✅ **Documentation Updated**
+- **README.md** - Streamlined from 650 → 490 lines (25% reduction)
+- **CHANGELOG.md** - Security rules section condensed
+- **test/README.md** - Test project documentation
+- **examples/README.md** - Configuration examples guide
+
+## 🎉 **Benefits**
+
+1. **Clear Separation**: Examples vs Tests vs Real Projects
+2. **Reduced Duplication**: Single source of truth for each purpose
+3. **Better Documentation**: Focused README + detailed CHANGELOG
+4. **Cleaner Repository**: No redundant files, proper gitignore
+5. **Developer Friendly**: Clear structure for contributors
+
+## 🔍 **Quick Navigation**
+
+- **Getting Started**: `README.md` 
+- **Version History**: `CHANGELOG.md`
+- **Configuration Help**: `examples/`
+- **Testing**: `test/`
+- **Development**: `docs/ARCHITECTURE.md`
+
+---
+
+**Structure optimized for both users and contributors! 🚀**

package/README.md

@@ -7,10 +7,11 @@
 Sun Lint is a universal coding standards checker providing comprehensive code quality and security analysis. Built by Sun* Engineering Team with integrated security rules from OWASP and industry best practices.
 
 ### **✨ Key Features**
-- ✅ **93+ Coding Rules**: Quality, security, and best practices
-- ✅ **ESLint Integration**: Merge with existing ESLint configurations  
+- ✅ **97+ Coding Rules**: Quality (30), Security (47), TypeScript-specific
+- ✅ **AST-Enhanced Analysis**: Superior accuracy with Babel/ESLint parsers
+- ✅ **Multi-Engine Architecture**: Heuristic + ESLint + OpenAI integration  
 - ✅ **Git Integration**: `--changed-files`, `--staged-files`, `--pr-mode`
-- ✅ **TypeScript Support**: Native TypeScript analysis engine
+- ✅ **TypeScript Support**: Native TypeScript 5.8+ analysis
 - ✅ **CI/CD Ready**: Baseline comparison, fail-on-new-violations
 - ✅ **Advanced File Targeting**: Include/exclude patterns, language filtering
 
@@ -19,13 +20,18 @@ Sun Lint is a universal coding standards checker providing comprehensive code qu
 # Install globally
 npm install -g @sun-asterisk/sunlint
 
-# Basic usage
+# Basic usage (uses config file or default patterns)
+sunlint --all
+sunlint --rules=C019,C006
+
+# Explicit input specification  
 sunlint --all --input=src
 sunlint --rules=C019,C006 --input=src
 sunlint --quality --input=src
+sunlint --security --input=src
 
-# ESLint integration
-sunlint --all --eslint-integration --input=src
+# ESLint integration (multi-engine analysis)
+sunlint --rules=C010,C006 --eslint-integration --input=src
 
 # Git integration  
 sunlint --all --changed-files
@@ -57,14 +63,25 @@ npm install --save-dev @sun-asterisk/sunlint
 Seamlessly integrate with existing ESLint configurations:
 
 ```bash
-# Analyze with both SunLint + existing ESLint rules
+# Analyze with both SunLint + existing ESLint rules  
 sunlint --all --eslint-integration --input=src
+
+# Mix ESLint and heuristic engines based on rule compatibility
+sunlint --rules=C010,C006 --eslint-integration --input=src
 ```
 
-Benefits:
+**✅ Current Status:**
+- ✅ **Multi-engine orchestration**: Rules automatically routed to optimal engine
+- ✅ **ESLint v8/v9 compatibility**: Production-ready with both major versions  
+- ✅ **TypeScript support**: Full TS/TSX parsing with custom rule implementation
+- ✅ **Custom rule integration**: 27+ SunLint custom rules via ESLint engine  
+- ✅ **Smart fallback**: Automatic engine fallback for maximum rule coverage
+- ✅ **Production tested**: Successfully processes real projects with mixed violations
+
+**Benefits:**
 - ✅ **No workflow disruption**: Existing ESLint continues working
-- ✅ **Single command**: Execute 93 SunLint + your existing ESLint rules
-- ✅ **Combined reporting**: Unified violation tracking
+- ✅ **Engine flexibility**: Automatic best-engine selection per rule
+- ✅ **Combined reporting**: Unified violation tracking from multiple engines
 
 ## 🔀 **Git Integration**
 
@@ -107,69 +124,59 @@ sunlint --all --only-source --input=src
 
 ## 📋 **Available Rules**
 
-### **Quality Rules** ✨ (9 rules)
+### **Quality Rules** ✨ (30 rules)
 | Rule ID | Name | Status |
 |---------|------|--------|
-| **C005** | Single Responsibility | ✅ Stable |
-| **C006** | Function Naming | ✅ Stable |
-| **C007** | Comment Quality | ✅ Stable |
-| **C012** | Command Query Separation | ✅ Stable |
+| **C002** | No Duplicate Code | ✅ Stable |
+| **C003** | No Vague Abbreviations | ✅ Stable |
+| **C006** | Function Naming Convention | ✅ Stable |
+| **C010** | Limit Block Nesting | ✅ Stable |
+| **C013** | No Dead Code | ✅ Stable |
 | **C014** | Dependency Injection | ✅ Stable |
-| **C015** | Domain Language | ✅ Stable |
+| **C017** | Limit Constructor Logic | ✅ Stable |
+| **C018** | No Generic Throw | ✅ Stable |
 | **C019** | Log Level Usage | ✅ Stable |
+| **C023** | No Duplicate Variable Names | ✅ Stable |
+| **C029** | Catch Block Logging | ✅ Stable |
+| **C030** | Use Custom Error Classes | ✅ Stable |
 | **C031** | Validation Separation | ✅ Stable |
-| **C037** | API Response Format | ✅ Stable |
-
-### **Security Rules** 🔒 (43 rules)
+| **C041** | No Hardcoded Config | ✅ Stable |
+| **C042** | Boolean Name Prefix | ✅ Stable |
+| **C043** | No Console or Print | ✅ Stable |
+| **C047** | No Duplicate Retry Logic | ✅ Stable |
+| **C075** | Explicit Function Return Types | ✅ Stable |
+| **C076** | Single Test Behavior | ✅ Stable |
+| **T002-T021** | TypeScript-specific rules | ✅ Stable |
+
+### **Security Rules** 🔒 (47 rules)
 | Rule ID | Name | Status |
 |---------|------|--------|
 | **S001** | Fail Securely Access Control | ✅ Stable |
 | **S002** | Prevent IDOR Vulnerabilities | ✅ Stable |
+| **S003** | URL Redirect Validation | ✅ Stable |
 | **S005** | No Origin Header Authentication | ✅ Stable |
+| **S006** | Activation Recovery Not Plaintext | ✅ Stable |
 | **S007** | Secure OTP Storage | ✅ Stable |
 | **S008** | Crypto Agility | ✅ Stable |
+| **S009** | No Insecure Crypto | ✅ Stable |
+| **S010** | Secure Random Generation | ✅ Stable |
+| **S011** | Secure UUID Generation | ✅ Stable |
 | **S012** | No Hardcoded Secrets | ✅ Stable |
 | **S013** | Always Use TLS | ✅ Stable |
-| **S014-S058** | *...36 additional security rules* | ✅ Stable |
+| **S014** | Secure TLS Version | ✅ Stable |
+| **S015** | Valid TLS Certificate | ✅ Stable |
+| **S016-S058** | *...Additional security rules* | ✅ Stable |
 
 ## ⚙️ **Configuration**
 
 Create `.sunlint.json` in your project root:
 
-> **🚨 BREAKING CHANGE**: `ignorePatterns` has been deprecated. Please use `exclude` instead for better consistency.
-
-### **Basic Configuration**
+### **Quick Start Configuration**
 ```json
 {
   "extends": "@sun/sunlint/recommended",
-  "rules": {
-    "C019": "error",
-    "C006": "warn", 
-    "S005": "error"
-  }
-}
-```
-
-### **Advanced Configuration**
-```json
-{
-  "extends": "@sun/sunlint/recommended",
-  
-  "include": ["src/**", "lib/**"],
+  "input": ["src"],
   "exclude": ["**/*.test.*", "**/*.generated.*"],
-  
-  "languages": {
-    "typescript": {
-      "include": ["**/*.ts", "**/*.tsx"],
-      "exclude": ["**/*.d.ts"]
-    }
-  },
-
-  "testPatterns": {
-    "include": ["**/*.test.*", "**/*.spec.*"],
-    "rules": { "C006": "off" }
-  },
-
   "rules": {
     "C019": "error",
     "C006": "warn", 
@@ -178,13 +185,26 @@ Create `.sunlint.json` in your project root:
 }
 ```
 
-### **Preset Configurations**
+### **Available Presets**
 - `@sun/sunlint/recommended` - Balanced rules for all projects
-- `@sun/sunlint/security` - Security-focused rules only
+- `@sun/sunlint/security` - Security-focused rules only  
 - `@sun/sunlint/quality` - Quality-focused rules only
 - `@sun/sunlint/beginner` - Gentle introduction for new teams
 - `@sun/sunlint/ci` - Optimized for CI/CD environments
 
+### **Full Configuration Reference**
+📖 **[View Complete Configuration Guide](./docs/CONFIGURATION.md)**
+
+Complete reference with all available options:
+- File targeting (`include`, `exclude`, `languages`)
+- Rule configurations with detailed descriptions
+- Git integration settings (`changedFiles`, `baseline`)
+- ESLint integration options
+- Performance and caching settings
+- CI/CD optimizations
+
+> **🚨 MIGRATION NOTE**: `ignorePatterns` is deprecated. Use `exclude` instead. Run `npx sunlint migrate-config` to auto-migrate.
+
 ## 🎮 **Usage Examples**
 
 ### **Development**
@@ -213,6 +233,7 @@ sunlint --all --staged-files --format=summary
 
 ## 📚 **Documentation**
 
+- **[Configuration Guide](./docs/CONFIGURATION.md)** - Complete config options with examples
 - [ESLint Integration Guide](./docs/ESLINT_INTEGRATION.md)
 - [CI/CD Guide](./docs/CI-CD-GUIDE.md)
 - [Architecture](./docs/ARCHITECTURE.md)

package/cli.js

@@ -16,6 +16,7 @@ const program = createCliProgram();
 
 // Set up main action handler
 program.action(async (options) => {
+  // Always use modern architecture (legacy removed)
   const actionHandler = new CliActionHandler(options);
   await actionHandler.execute();
 });

package/config/README.md

@@ -0,0 +1,88 @@
+# SunLint Configuration Structure
+
+This folder contains all configuration files for SunLint, organized for clarity and maintainability.
+
+## 📁 Structure Overview
+
+```
+config/
+├── schemas/                    # JSON schemas for validation
+│   └── sunlint-schema.json    # Main SunLint config schema
+├── engines/                    # Analysis engine configurations
+│   ├── engines.json           # Available engines (ESLint, TypeScript, etc.)
+│   └── eslint-rule-mapping.json  # ESLint rule mappings
+├── presets/                    # Pre-defined rule configurations
+│   ├── beginner.json          # Beginner-friendly preset
+│   ├── ci.json                # CI/CD optimized preset
+│   ├── recommended.json       # Recommended preset
+│   └── strict.json            # Strict coding standards
+├── integrations/              # Integration-specific configs
+│   └── eslint/
+│       ├── base.config.js     # Base ESLint configuration
+│       ├── typescript.config.js  # TypeScript ESLint config
+│       └── simple.config.js   # Simplified ESLint config
+├── rules/                     # Rule definitions and registry
+│   └── rules-registry.json   # Master rule registry
+├── defaults/                  # Default configurations
+│   ├── default.json          # Default SunLint settings
+│   └── ai-rules-context.json # AI analysis context
+└── testing/                   # Test configurations and samples
+    └── test-s005-working.ts  # Test file for S005 rule
+```
+
+## 🎯 Key Improvements
+
+### ✅ Eliminated Duplicates
+- **Before**: ESLint configs in both `config/typescript/` and `integrations/eslint/`
+- **After**: All ESLint configs consolidated in `config/integrations/eslint/`
+
+### ✅ Logical Organization
+- **Schemas**: All JSON schemas in one place
+- **Engines**: Engine-specific configurations separated
+- **Presets**: User-facing preset configurations grouped
+- **Integrations**: Third-party integration configs organized by tool
+
+### ✅ Reduced Complexity
+- **Before**: 10+ files scattered in root config/
+- **After**: Organized into 6 logical categories
+
+## 📋 Usage
+
+### For ESLint Integration
+```bash
+# Use the consolidated TypeScript ESLint config
+npx eslint --config config/integrations/eslint/typescript.config.js src/
+
+# Use the base ESLint config
+npx eslint --config config/integrations/eslint/base.config.js src/
+```
+
+### For Rule Presets
+```json
+{
+  "extends": "config/presets/recommended.json"
+}
+```
+
+### For Schema Validation
+```json
+{
+  "$schema": "config/schemas/sunlint-schema.json"
+}
+```
+
+## 🔧 Migration Notes
+
+- **Old `config/typescript/`**: ❌ Removed (duplicated functionality)
+- **ESLint configs**: ✅ Moved to `config/integrations/eslint/`
+- **Default configs**: ✅ Moved to `config/defaults/`
+- **Engine configs**: ✅ Moved to `config/engines/`
+
+## 🚀 Next Steps
+
+1. Update documentation references to new paths
+2. Update CI/CD scripts to use new config locations
+3. Consider adding more integration-specific configs as needed
+
+---
+*Last updated: July 21, 2025 | SunLint Config Refactor*