@sun-asterisk/sunlint 1.0.7 → 1.1.3

package/scripts/test-scripts/test-rules-on-real-projects.js

@@ -0,0 +1,86 @@
+const HeuristicEngine = require('./engines/heuristic-engine.js');
+
+async function testRuleOnRealProjects(ruleId, ruleName) {
+  console.log(`\n🔍 Testing ${ruleId} - ${ruleName}`);
+  console.log('=' .repeat(50));
+  
+  const engine = new HeuristicEngine();
+  await engine.initialize({ verbose: false });
+  
+  // Test files from both BE and FE projects
+  const testFiles = [
+    // Backend files
+    'examples/project-samples/replace-be/lambda/refpl-dev-cognito-custom-message-lambda/app.ts',
+    'examples/project-samples/replace-be/lambda/refpl-dev-cognito-custom-message-lambda/common/utils.ts',
+    'examples/project-samples/replace-be/lambda/refpl-dev-cognito-custom-message-lambda/common/mailTemplates.ts',
+    
+    // Frontend files  
+    'examples/project-samples/replace-fe/.storybook/preview.tsx',
+    'examples/project-samples/replace-fe/s055-simple.ts'
+  ];
+  
+  let totalViolations = 0;
+  
+  for (const file of testFiles) {
+    try {
+      const result = await engine.analyze([file], [{ id: ruleId }], { verbose: false });
+      const violations = result.results[0]?.violations || [];
+      
+      if (violations.length > 0) {
+        console.log(`\n📁 ${file}:`);
+        console.log(`   ${violations.length} violation(s) found`);
+        violations.forEach(v => {
+          console.log(`   ⚠️  Line ${v.line}: ${v.message}`);
+          if (v.code) console.log(`       Code: ${v.code.trim()}`);
+        });
+      } else {
+        console.log(`✅ ${file}: No violations`);
+      }
+      
+      totalViolations += violations.length;
+    } catch (error) {
+      console.log(`❌ ${file}: Error - ${error.message}`);
+    }
+  }
+  
+  console.log(`\n📊 Total violations for ${ruleId}: ${totalViolations}`);
+  return totalViolations;
+}
+
+async function main() {
+  console.log('🚀 Testing recently improved rules on real projects\n');
+  
+  const rulesToTest = [
+    { id: 'S027', name: 'No Hardcoded Secrets' },
+    { id: 'S026', name: 'JSON Schema Validation' },
+    { id: 'C047', name: 'No Duplicate Retry Logic' },
+    { id: 'C013', name: 'No Dead Code' },
+    { id: 'C042', name: 'Boolean Name Prefix' }
+  ];
+  
+  const results = {};
+  
+  for (const rule of rulesToTest) {
+    try {
+      const violations = await testRuleOnRealProjects(rule.id, rule.name);
+      results[rule.id] = violations;
+    } catch (error) {
+      console.log(`❌ Failed to test ${rule.id}: ${error.message}`);
+      results[rule.id] = 'ERROR';
+    }
+  }
+  
+  console.log('\n🎯 SUMMARY');
+  console.log('=' .repeat(50));
+  Object.entries(results).forEach(([ruleId, violations]) => {
+    if (violations === 'ERROR') {
+      console.log(`❌ ${ruleId}: Test failed`);
+    } else if (violations === 0) {
+      console.log(`✅ ${ruleId}: No violations (Good!)`);;
+    } else {
+      console.log(`⚠️  ${ruleId}: ${violations} violations (Review needed)`);
+    }
+  });
+}
+
+main().catch(console.error);

package/scripts/trigger-release.sh

@@ -0,0 +1,285 @@
+#!/bin/bash
+
+# SunLint v1.0.5 Release Trigger Script
+# This script helps trigger and monitor the GitHub Actions release workflow
+
+set -e
+
+echo "🚀 =========================================="
+echo "☀️  SunLint v1.0.5 Release Trigger"
+echo "🚀 =========================================="
+echo ""
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+REPO="sun-asterisk/engineer-excellence"
+WORKFLOW_FILE="release-sunlint.yml"
+VERSION="1.0.5"
+RELEASE_TYPE="both"  # both, github-package, global-tarball
+
+# Check if GitHub CLI is installed
+if ! command -v gh &> /dev/null; then
+    echo -e "${RED}❌ GitHub CLI (gh) is required but not installed.${NC}"
+    echo "Install it from: https://cli.github.com/"
+    echo ""
+    echo "macOS: brew install gh"
+    echo "Ubuntu: sudo apt install gh"
+    exit 1
+fi
+
+# Check if user is authenticated
+if ! gh auth status &> /dev/null; then
+    echo -e "${RED}❌ Not authenticated with GitHub CLI.${NC}"
+    echo "Please run: gh auth login"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ GitHub CLI authenticated${NC}"
+echo ""
+
+# Function to run pre-release tests
+run_pre_release_tests() {
+    echo -e "${BLUE}🧪 Running pre-release tests...${NC}"
+    
+    if [ -f "scripts/pre-release-test.sh" ]; then
+        ./scripts/pre-release-test.sh
+        if [ $? -eq 0 ]; then
+            echo -e "${GREEN}✅ Pre-release tests passed!${NC}"
+            echo ""
+            return 0
+        else
+            echo -e "${RED}❌ Pre-release tests failed!${NC}"
+            echo ""
+            return 1
+        fi
+    else
+        echo -e "${YELLOW}⚠️  Pre-release test script not found, skipping...${NC}"
+        echo ""
+        return 0
+    fi
+}
+
+# Function to trigger GitHub Actions workflow
+trigger_release_workflow() {
+    echo -e "${BLUE}🚀 Triggering GitHub Actions release workflow...${NC}"
+    echo ""
+    echo "Parameters:"
+    echo "  Repository: $REPO"
+    echo "  Workflow: $WORKFLOW_FILE"
+    echo "  Version: $VERSION"
+    echo "  Release Type: $RELEASE_TYPE"
+    echo ""
+    
+    # Trigger the workflow
+    if gh workflow run "$WORKFLOW_FILE" \
+        --repo "$REPO" \
+        --field version="$VERSION" \
+        --field release_type="$RELEASE_TYPE"; then
+        
+        echo -e "${GREEN}✅ Workflow triggered successfully!${NC}"
+        echo ""
+        
+        # Wait a moment for the workflow to start
+        echo "⏳ Waiting for workflow to start..."
+        sleep 5
+        
+        # Get the latest workflow run
+        echo -e "${BLUE}📋 Latest workflow runs:${NC}"
+        gh run list --repo "$REPO" --workflow="$WORKFLOW_FILE" --limit=3
+        
+        echo ""
+        echo -e "${BLUE}🔗 Workflow monitoring links:${NC}"
+        echo "• Actions: https://github.com/$REPO/actions/workflows/release-sunlint.yml"
+        echo "• Releases: https://github.com/$REPO/releases"
+        echo "• Packages: https://github.com/$REPO/packages"
+        
+        return 0
+    else
+        echo -e "${RED}❌ Failed to trigger workflow!${NC}"
+        return 1
+    fi
+}
+
+# Function to monitor workflow progress
+monitor_workflow() {
+    echo ""
+    echo -e "${BLUE}👀 Monitoring workflow progress...${NC}"
+    
+    # Get the latest run ID
+    RUN_ID=$(gh run list --repo "$REPO" --workflow="$WORKFLOW_FILE" --limit=1 --json databaseId --jq '.[0].databaseId')
+    
+    if [ -n "$RUN_ID" ]; then
+        echo "Workflow Run ID: $RUN_ID"
+        echo ""
+        
+        # Watch the workflow
+        echo "📺 Watching workflow (Ctrl+C to stop monitoring)..."
+        gh run watch "$RUN_ID" --repo "$REPO" --exit-status
+        
+        # Check final status
+        STATUS=$(gh run view "$RUN_ID" --repo "$REPO" --json conclusion --jq '.conclusion')
+        
+        if [ "$STATUS" = "success" ]; then
+            echo -e "${GREEN}🎉 Release workflow completed successfully!${NC}"
+            show_release_summary
+        else
+            echo -e "${RED}💥 Release workflow failed with status: $STATUS${NC}"
+            echo ""
+            echo "🔍 Check logs: gh run view $RUN_ID --repo $REPO --log"
+        fi
+    else
+        echo -e "${YELLOW}⚠️  Could not find workflow run to monitor${NC}"
+    fi
+}
+
+# Function to show release summary
+show_release_summary() {
+    echo ""
+    echo "🎊 =========================================="
+    echo "🎉 SunLint v$VERSION Released Successfully!"
+    echo "🎊 =========================================="
+    echo ""
+    
+    echo -e "${GREEN}📦 Installation Methods:${NC}"
+    echo ""
+    echo "1. GitHub Package Registry:"
+    echo "   npm install -g @sun-asterisk/sunlint"
+    echo ""
+    echo "2. Direct GitHub Release:"
+    echo "   npm install -g https://github.com/$REPO/releases/download/sunlint-v$VERSION/sunlint-$VERSION.tgz"
+    echo ""
+    
+    echo -e "${BLUE}🔗 Release Links:${NC}"
+    echo "• Release Page: https://github.com/$REPO/releases/tag/sunlint-v$VERSION"
+    echo "• GitHub Package: https://github.com/$REPO/packages"
+    echo "• Documentation: https://github.com/$REPO/tree/main/coding-quality/extensions/sunlint"
+    echo ""
+    
+    echo -e "${YELLOW}🧪 Test Installation:${NC}"
+    echo "npm install -g @sun-asterisk/sunlint && sunlint --version"
+    echo ""
+    
+    echo -e "${GREEN}✨ Next Steps:${NC}"
+    echo "1. Test installation from both sources"
+    echo "2. Update internal documentation"
+    echo "3. Announce to development teams"
+    echo "4. Monitor adoption metrics"
+}
+
+# Main execution flow
+main() {
+    echo -e "${YELLOW}🔍 Pre-flight checks...${NC}"
+    echo ""
+    
+    # Check if we're in the right directory
+    if [ ! -f "cli.js" ] || [ ! -f "package.json" ]; then
+        echo -e "${RED}❌ Not in SunLint directory!${NC}"
+        echo "Please run this script from: coding-quality/extensions/sunlint/"
+        exit 1
+    fi
+    
+    # Check current version in package.json
+    CURRENT_VERSION=$(node -e "console.log(require('./package.json').version)")
+    echo "Current package.json version: $CURRENT_VERSION"
+    
+    if [ "$CURRENT_VERSION" != "$VERSION" ]; then
+        echo -e "${YELLOW}⚠️  Version mismatch! Updating package.json...${NC}"
+        npm version "$VERSION" --no-git-tag-version
+        echo -e "${GREEN}✅ Version updated to $VERSION${NC}"
+    fi
+    echo ""
+    
+    # Run pre-release tests
+    if ! run_pre_release_tests; then
+        echo -e "${RED}💥 Pre-release tests failed! Aborting release.${NC}"
+        exit 1
+    fi
+    
+    # Confirm release
+    echo -e "${YELLOW}⚠️  About to trigger release workflow for SunLint v$VERSION${NC}"
+    echo "This will:"
+    echo "• Run tests"
+    echo "• Build package"
+    echo "• Publish to GitHub Package Registry"
+    echo "• Create GitHub Release with tarball"
+    echo ""
+    
+    read -p "🚀 Proceed with release? (y/N): " -n 1 -r
+    echo ""
+    
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        # Trigger the workflow
+        if trigger_release_workflow; then
+            # Ask if user wants to monitor
+            echo ""
+            read -p "👀 Monitor workflow progress? (Y/n): " -n 1 -r
+            echo ""
+            
+            if [[ ! $REPLY =~ ^[Nn]$ ]]; then
+                monitor_workflow
+            else
+                echo -e "${BLUE}🔗 Monitor manually at:${NC}"
+                echo "https://github.com/$REPO/actions/workflows/release-sunlint.yml"
+            fi
+        else
+            echo -e "${RED}💥 Failed to trigger release!${NC}"
+            exit 1
+        fi
+    else
+        echo -e "${YELLOW}🛑 Release cancelled by user${NC}"
+        exit 0
+    fi
+}
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --version)
+            VERSION="$2"
+            shift 2
+            ;;
+        --type)
+            RELEASE_TYPE="$2"
+            shift 2
+            ;;
+        --skip-tests)
+            SKIP_TESTS=true
+            shift
+            ;;
+        --monitor-only)
+            monitor_workflow
+            exit 0
+            ;;
+        --help)
+            echo "Usage: $0 [options]"
+            echo ""
+            echo "Options:"
+            echo "  --version VERSION    Release version (default: $VERSION)"
+            echo "  --type TYPE          Release type: both|github-package|global-tarball (default: $RELEASE_TYPE)"
+            echo "  --skip-tests         Skip pre-release tests"
+            echo "  --monitor-only       Only monitor existing workflow"
+            echo "  --help               Show this help"
+            echo ""
+            echo "Examples:"
+            echo "  $0                                    # Release v1.0.5 with all checks"
+            echo "  $0 --version 1.0.6                   # Release specific version"
+            echo "  $0 --type github-package              # Only GitHub Package Registry"
+            echo "  $0 --monitor-only                     # Monitor existing workflow"
+            exit 0
+            ;;
+        *)
+            echo "Unknown option: $1"
+            echo "Use --help for usage information"
+            exit 1
+            ;;
+    esac
+done
+
+# Run main function
+main

package/scripts/validate-rule-structure.js

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+
+/**
+ * Validation script to ensure all rule test fixtures follow standardized structure
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const RULES_DIR = 'examples/rule-test-fixtures/rules';
+
+function validateRuleStructure() {
+    console.log('🔍 Validating Rule Test Fixtures Structure\n');
+    
+    const rulesPath = path.resolve(__dirname, '..', RULES_DIR);
+    const ruleDirs = fs.readdirSync(rulesPath, { withFileTypes: true })
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name)
+        .filter(name => !name.startsWith('.') && name !== 'README.md');
+
+    let allValid = true;
+    const results = [];
+
+    for (const ruleDir of ruleDirs) {
+        const rulePath = path.join(rulesPath, ruleDir);
+        const result = {
+            rule: ruleDir,
+            hasClean: false,
+            hasViolations: false,
+            cleanFiles: [],
+            violationFiles: [],
+            issues: []
+        };
+
+        // Check for clean directory
+        const cleanPath = path.join(rulePath, 'clean');
+        if (fs.existsSync(cleanPath)) {
+            result.hasClean = true;
+            result.cleanFiles = fs.readdirSync(cleanPath).filter(f => !f.startsWith('.'));
+        } else {
+            result.issues.push('Missing clean/ directory');
+            allValid = false;
+        }
+
+        // Check for violations directory  
+        const violationsPath = path.join(rulePath, 'violations');
+        if (fs.existsSync(violationsPath)) {
+            result.hasViolations = true;
+            result.violationFiles = fs.readdirSync(violationsPath).filter(f => !f.startsWith('.'));
+        } else {
+            result.issues.push('Missing violations/ directory');
+            allValid = false;
+        }
+
+        // Check for loose files (should be moved to clean/violations)
+        const allFiles = fs.readdirSync(rulePath, { withFileTypes: true });
+        const looseFiles = allFiles
+            .filter(dirent => dirent.isFile() && !dirent.name.startsWith('.') && dirent.name !== 'README.md')
+            .map(dirent => dirent.name);
+        
+        if (looseFiles.length > 0) {
+            result.issues.push(`Loose files found: ${looseFiles.join(', ')}`);
+            allValid = false;
+        }
+
+        results.push(result);
+    }
+
+    // Display results
+    console.log(`📊 Validation Results for ${results.length} rules:\n`);
+    
+    for (const result of results) {
+        const status = result.issues.length === 0 ? '✅' : '❌';
+        console.log(`${status} ${result.rule}`);
+        
+        if (result.hasClean) {
+            console.log(`   ✅ clean/ (${result.cleanFiles.length} files)`);
+        } else {
+            console.log(`   ❌ clean/ directory missing`);
+        }
+        
+        if (result.hasViolations) {
+            console.log(`   ✅ violations/ (${result.violationFiles.length} files)`);
+        } else {
+            console.log(`   ❌ violations/ directory missing`);
+        }
+
+        if (result.issues.length > 0) {
+            result.issues.forEach(issue => console.log(`   ⚠️  ${issue}`));
+        }
+        
+        console.log('');
+    }
+
+    // Summary
+    const validRules = results.filter(r => r.issues.length === 0).length;
+    const invalidRules = results.length - validRules;
+
+    console.log('📈 Summary:');
+    console.log(`   ✅ Valid rules: ${validRules}`);
+    console.log(`   ❌ Invalid rules: ${invalidRules}`);
+    console.log(`   📁 Total rules: ${results.length}`);
+
+    if (allValid) {
+        console.log('\n🎉 All rules follow standardized structure!');
+    } else {
+        console.log('\n⚠️  Some rules need structure fixes.');
+    }
+
+    return allValid;
+}
+
+// Create missing clean folders for empty rules
+function createMissingFolders() {
+    console.log('\n🛠️  Creating missing folders...\n');
+    
+    const rulesPath = path.resolve(__dirname, '..', RULES_DIR);
+    const ruleDirs = fs.readdirSync(rulesPath, { withFileTypes: true })
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name)
+        .filter(name => !name.startsWith('.') && name !== 'README.md');
+
+    for (const ruleDir of ruleDirs) {
+        const rulePath = path.join(rulesPath, ruleDir);
+        
+        // Create clean folder if missing
+        const cleanPath = path.join(rulePath, 'clean');
+        if (!fs.existsSync(cleanPath)) {
+            fs.mkdirSync(cleanPath, { recursive: true });
+            console.log(`✅ Created: ${ruleDir}/clean/`);
+        }
+        
+        // Create violations folder if missing
+        const violationsPath = path.join(rulePath, 'violations');
+        if (!fs.existsSync(violationsPath)) {
+            fs.mkdirSync(violationsPath, { recursive: true });
+            console.log(`✅ Created: ${ruleDir}/violations/`);
+        }
+    }
+}
+
+if (require.main === module) {
+    createMissingFolders();
+    const isValid = validateRuleStructure();
+    process.exit(isValid ? 0 : 1);
+}
+
+module.exports = { validateRuleStructure, createMissingFolders };

package/scripts/verify-install.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+# SunLint v1.0.4 Quick Verification Script
+# Following Rule C005: Single responsibility - verify installation only
+
+echo "🧪 SunLint v1.0.4 Quick Verification"
+echo "=================================="
+
+# Check if sunlint is installed
+if ! command -v sunlint &> /dev/null; then
+    echo "❌ SunLint not found in PATH"
+    echo "💡 Install with: npm install -g ./sun-sunlint-1.0.4.tgz"
+    exit 1
+fi
+
+# Check version
+echo "📋 Checking version..."
+VERSION=$(sunlint --version 2>/dev/null | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+' || echo "unknown")
+if [ "$VERSION" = "1.0.4" ]; then
+    echo "✅ Version: $VERSION"
+else
+    echo "❌ Expected version 1.0.4, got: $VERSION"
+    exit 1
+fi
+
+# Create test file
+echo "📁 Creating test file..."
+TEST_FILE="/tmp/sunlint-test-security.ts"
+cat > "$TEST_FILE" << 'EOF'
+function doAdminTask() {}
+function isAuthenticated(req: any): boolean { return true; }
+
+function doPost(request: any, response: any) {
+  const origin = request.getHeader("Origin");
+  if (origin === "https://admin.example.com") {
+    doAdminTask();
+  }
+}
+EOF
+
+# Test security rules
+echo "🔒 Testing security rules..."
+SECURITY_OUTPUT=$(sunlint --security --typescript --input="$TEST_FILE" 2>&1)
+if echo "$SECURITY_OUTPUT" | grep -q "S005"; then
+    echo "✅ Security rules working (S005 detected)"
+else
+    echo "❌ Security rules not working"
+    echo "Output: $SECURITY_OUTPUT"
+    rm -f "$TEST_FILE"
+    exit 1
+fi
+
+# Test quality rules  
+echo "✨ Testing quality rules..."
+QUALITY_OUTPUT=$(sunlint --quality --typescript --input="$TEST_FILE" 2>&1)
+if echo "$QUALITY_OUTPUT" | grep -q "No violations found"; then
+    echo "✅ Quality rules working"
+else
+    echo "⚠️  Quality rules output: $QUALITY_OUTPUT"
+fi
+
+# Test all rules
+echo "🎯 Testing all rules..."
+ALL_OUTPUT=$(sunlint --all --typescript --input="$TEST_FILE" 2>&1)
+if echo "$ALL_OUTPUT" | grep -q "44 rules"; then
+    echo "✅ All rules loaded (44 total)"
+else
+    echo "⚠️  All rules output: $ALL_OUTPUT"
+fi
+
+# Cleanup
+rm -f "$TEST_FILE"
+
+echo ""
+echo "🎉 SunLint v1.0.4 verification completed!"
+echo ""
+echo "📖 Usage examples:"
+echo "   sunlint --security --typescript --input=src/"
+echo "   sunlint --quality --typescript --input=src/"  
+echo "   sunlint --all --typescript --input=src/"
+echo ""
+echo "✅ Ready to secure your codebase!"