@sun-asterisk/sunlint 1.2.1 → 1.2.2

package/config/rule-analysis-strategies.js

@@ -12,9 +12,9 @@ module.exports = {
       accuracy: { ast: 95, regex: 75 }
     },
     'C012': {
-      reason: 'Cyclomatic complexity needs control flow analysis',
+      reason: 'Command Query Separation requires function behavior analysis',
       methods: ['ast', 'regex'],
-      accuracy: { ast: 90, regex: 60 }
+      accuracy: { ast: 95, regex: 80 }
     },
     'C015': {
       reason: 'Function parameter counting benefits from AST',
@@ -25,6 +25,16 @@ module.exports = {
       reason: 'Constructor logic analysis needs AST context',
       methods: ['ast', 'regex'],
       accuracy: { ast: 90, regex: 70 }
+    },
+    'S015': {
+      reason: 'TLS certificate validation requires AST context analysis',
+      methods: ['ast', 'regex'],
+      accuracy: { ast: 95, regex: 80 }
+    },
+    'S023': {
+      reason: 'JSON injection detection requires AST context analysis',
+      methods: ['ast', 'regex'],
+      accuracy: { ast: 95, regex: 60 }
     }
   },
 
@@ -55,6 +65,12 @@ module.exports = {
       strategy: 'ast-primary-regex-fallback',
       accuracy: { ast: 90, regex: 75, combined: 95 }
     },
+    'C041': {
+      reason: 'Hardcoded secrets need AST literal analysis like ESLint',
+      methods: ['ast', 'regex'],
+      strategy: 'ast-primary-regex-fallback',
+      accuracy: { ast: 95, regex: 70, combined: 95 }
+    },
     'C047': {
       reason: 'Retry logic detection needs pattern + structure',
       methods: ['regex', 'ast'],

package/engines/eslint-engine.js

@@ -359,14 +359,10 @@ class ESLintEngine extends AnalysisEngineInterface {
         console.warn(`⚠️ [ESLintEngine] Skipped ${skippedRules.typescript.length} TypeScript ESLint rules - plugin not available`);
       }
       
-      // Merge with analysis config using filtered rules
+      // Use only SunLint analysis config (filteredRules) - do not merge with project rules
       const mergedConfig = {
-        ...baseConfig,
         ...eslintConfig,
-        rules: {
-          ...baseConfig.rules,
-          ...filteredRules
-        }
+        rules: filteredRules  // Only use SunLint specified rules
       };
       
       // Create temporary config file in project directory
@@ -384,10 +380,7 @@ class ESLintEngine extends AnalysisEngineInterface {
             }
           }
         },
-        rules: {
-          ...baseConfig.rules,
-          ...filteredRules
-        }
+        rules: filteredRules  // Only use SunLint specified rules
       };
       
       const configContent = `// Temporary flat config generated by SunLint
@@ -408,7 +401,7 @@ export default [
         }
       }
     },
-    rules: ${JSON.stringify({...baseConfig.rules, ...filteredRules}, null, 2)}
+    rules: ${JSON.stringify(filteredRules, null, 2)}
   }
 ];
 `;
@@ -1453,6 +1446,11 @@ export default [
       };
 
       for (const message of eslintResult.messages) {
+        // Only process custom/ rules (SunLint rules) - ignore project-specific rules and inline directives
+        if (!message.ruleId || !message.ruleId.startsWith('custom/')) {
+          continue;
+        }
+
         const violation = {
           ruleId: this.mapESLintRuleToSunLint(message.ruleId, originalRules),
           message: message.message,

package/engines/heuristic-engine.js

@@ -81,43 +81,67 @@ class HeuristicEngine extends AnalysisEngineInterface {
 
         for (const ruleFolder of ruleFolders) {
           const ruleId = this.extractRuleIdFromFolder(ruleFolder);
-          const analyzerPath = path.join(categoryPath, ruleFolder, 'analyzer.js');
           
-          if (fs.existsSync(analyzerPath)) {
+          // Priority 1: Check for AST analyzer (enhanced accuracy)
+          const astAnalyzerPath = path.join(categoryPath, ruleFolder, 'ast-analyzer.js');
+          const regexAnalyzerPath = path.join(categoryPath, ruleFolder, 'analyzer.js');
+          
+          let selectedAnalyzer = null;
+          let analyzerPath = null;
+          let analyzerType = 'regex';
+          
+          // Try AST analyzer first
+          if (fs.existsSync(astAnalyzerPath)) {
             try {
-              // Load analyzer dynamically - handle both class and instance exports
-              const analyzerModule = require(analyzerPath);
-              const analyzer = analyzerModule.default || analyzerModule;
-              
-              // Check if it's a class constructor, instance, or factory function
-              if (typeof analyzer === 'function') {
-                // It's a class constructor
-                this.ruleAnalyzers.set(ruleId, {
-                  path: analyzerPath,
-                  class: analyzer,
-                  folder: ruleFolder,
-                  category: categoryFolder,
-                  type: 'class'
-                });
-                this.supportedRulesList.push(ruleId);
-              } else if (analyzer && typeof analyzer === 'object' && analyzer.analyze) {
-                // It's an analyzer instance with analyze method
-                this.ruleAnalyzers.set(ruleId, {
-                  path: analyzerPath,
-                  instance: analyzer,
-                  folder: ruleFolder,
-                  category: categoryFolder,
-                  type: 'instance'
-                });
-                this.supportedRulesList.push(ruleId);
-              } else {
-                console.warn(`⚠️ Analyzer for ${ruleId} has unsupported format:`, typeof analyzer);
-              }
-              
+              const analyzerModule = require(astAnalyzerPath);
+              selectedAnalyzer = analyzerModule.default || analyzerModule;
+              analyzerPath = astAnalyzerPath;
+              analyzerType = 'ast';
+            } catch (error) {
+              console.debug(`AST analyzer for ${ruleId} failed to load, falling back to regex:`, error.message);
+            }
+          }
+          
+          // Fallback to regex analyzer
+          if (!selectedAnalyzer && fs.existsSync(regexAnalyzerPath)) {
+            try {
+              const analyzerModule = require(regexAnalyzerPath);
+              selectedAnalyzer = analyzerModule.default || analyzerModule;
+              analyzerPath = regexAnalyzerPath;
+              analyzerType = 'regex';
             } catch (error) {
               console.warn(`⚠️ Failed to load analyzer for ${ruleId}:`, error.message);
             }
           }
+          
+          if (selectedAnalyzer) {
+            // Check if it's a class constructor, instance, or factory function
+            if (typeof selectedAnalyzer === 'function') {
+              // It's a class constructor
+              this.ruleAnalyzers.set(ruleId, {
+                path: analyzerPath,
+                class: selectedAnalyzer,
+                folder: ruleFolder,
+                category: categoryFolder,
+                type: 'class',
+                analyzerType: analyzerType // 'ast' or 'regex'
+              });
+              this.supportedRulesList.push(ruleId);
+            } else if (selectedAnalyzer && typeof selectedAnalyzer === 'object' && selectedAnalyzer.analyze) {
+              // It's an analyzer instance with analyze method
+              this.ruleAnalyzers.set(ruleId, {
+                path: analyzerPath,
+                instance: selectedAnalyzer,
+                folder: ruleFolder,
+                category: categoryFolder,
+                type: 'instance',
+                analyzerType: analyzerType // 'ast' or 'regex'
+              });
+              this.supportedRulesList.push(ruleId);
+            } else {
+              console.warn(`⚠️ Analyzer for ${ruleId} has unsupported format:`, typeof selectedAnalyzer);
+            }
+          }
         }
       }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {
@@ -74,6 +74,7 @@
     "config/",
     "engines/",
     "integrations/",
+    "rules/",
     "scripts/",
     "docs/",
     ".sunlint.json",

package/rules/README.md

@@ -0,0 +1,252 @@
+# SunLint Heuristic Rules System
+
+Enhanced heuristic rules engine with organized rule categories and migration support.
+
+## 📁 Structure
+
+```
+rules/
+├── # SunLint Heuristic Rules Structure
+
+## 📁 Clean Rule Organization
+
+```
+rules/
+├── 📚 docs/                    # Rule documentation
+│   ├── C002_no_duplicate_code.md
+│   └── C031_validation_separation.md
+├── 🧪 tests/                   # Rule unit tests  
+│   └── C002_no_duplicate_code.test.js
+├── 🛠️ utils/                   # Shared utilities
+│   ├── ast-utils.js           # AST parsing helpers
+│   ├── pattern-matchers.js    # Pattern matching utilities
+│   └── rule-helpers.js        # Rule helper functions
+├── 🔹 common/                  # C-series rules (Common standards)
+│   ├── C002_no_duplicate_code/
+│   │   ├── analyzer.js        # 🔍 Core analysis logic
+│   │   └── config.json        # ⚙️ Rule configuration
+│   ├── C006_function_naming/
+│   ├── C019_log_level_usage/
+│   ├── C029_catch_block_logging/
+│   └── C031_validation_separation/
+├── 🔒 security/               # S-series rules (Security standards)
+└── 📘 typescript/             # T-series rules (TypeScript specific)
+```
+
+## ✅ Key Improvements
+
+### **1. Clean Rule Folders**
+- **Before**: `README.md`, `test.js`, `analyzer.js`, `config.json` mixed together
+- **After**: Only **core files** in rule folders (`analyzer.js`, `config.json`)
+
+### **2. Centralized Documentation**
+- **Before**: README scattered in each rule folder
+- **After**: All docs in `rules/docs/[RuleId].md`
+
+### **3. Centralized Testing**  
+- **Before**: `test.js` in each rule folder
+- **After**: All tests in `rules/tests/[RuleId].test.js`
+
+### **4. Correct Categorization**
+- **Before**: ❌ `rules/coding/` (incorrect - C ≠ Coding)
+- **After**: ✅ `rules/common/` (correct - C = Common)
+
+## 🔍 Rule Analyzer Structure
+
+Each rule analyzer follows a clean structure:
+
+```javascript
+// rules/common/C019_log_level_usage/analyzer.js
+class C019Analyzer {
+  constructor() {
+    this.ruleId = 'C019';
+    this.ruleName = 'Log Level Usage';
+    // ...
+  }
+
+  async analyze(files, language, config) {
+    // Core analysis logic only
+  }
+}
+```
+
+```json
+// rules/common/C019_log_level_usage/config.json
+{
+  "ruleId": "C019",
+  "name": "Log Level Usage",
+  "description": "Don't use error level for non-critical issues",
+  "severity": "warning",
+  "languages": ["typescript", "javascript", "dart"]
+}
+```
+
+## 🚀 Benefits
+
+1. **Clean Separation**: Core logic separated from docs/tests
+2. **Easy Maintenance**: Find docs/tests in centralized locations
+3. **Correct Semantics**: C = Common (not Coding)
+4. **Scalable**: Easy to add new rules/categories
+5. **Engine Compatible**: Heuristic engine auto-discovers all rules
+
+## 📊 Migration Summary
+
+| **Aspect** | **Before** | **After** |
+|------------|------------|-----------|
+| **Rule Folders** | Mixed content | Core only (`analyzer.js`, `config.json`) |
+| **Documentation** | Scattered | Centralized in `docs/` |
+| **Tests** | Scattered | Centralized in `tests/` |
+| **Categories** | ❌ `coding/` | ✅ `common/` |
+| **Structure** | Flat | Nested by category |
+| **Discoverable Rules** | 0 (broken) | 5 (working) |
+
+---
+*Rules structure cleaned and optimized for maintainability! 🎉*
+├── index.js                     # Rule registry and loader
+├── common/                      # 🛠️ Shared utilities
+│   ├── ast-utils.js            # AST parsing utilities
+│   ├── pattern-matchers.js     # Common pattern matching
+│   └── rule-helpers.js         # Rule development helpers
+├── coding/                      # 🔹 C-series: Coding standards (4 → expanding)
+│   ├── C006_function_naming/   # Function naming conventions
+│   ├── C019_log_level_usage/   # Log level usage patterns
+│   ├── C029_catch_block_logging/ # Exception logging standards
+│   └── C031_validation_separation/ # Input validation separation
+├── security/                    # 🔒 S-series: Security rules (0 → 49 planned)
+│   └── (ready for migration from ESLint)
+├── typescript/                  # 📘 T-series: TypeScript rules (0 → 10 planned)
+│   └── (ready for migration from ESLint)
+└── migration/                   # 🔄 ESLint → Heuristic migration
+    ├── mapping.json            # Rule mapping configuration
+    ├── converter.js            # Auto-migration tool
+    └── compatibility.js        # Compatibility layer
+```
+
+## 🎯 Current Status
+
+### ✅ **Active Heuristic Rules (4)**
+| Rule ID | Name | Type | Status |
+|---------|------|------|--------|
+| **C006** | Function Naming | Coding | ✅ Production |
+| **C019** | Log Level Usage | Coding | ✅ Production |
+| **C029** | Catch Block Logging | Coding | ✅ Production |  
+| **C031** | Validation Separation | Coding | ✅ Production |
+
+### 🚀 **Migration Pipeline (77 rules)**
+| Category | ESLint Rules | Heuristic Target | Status |
+|----------|--------------|------------------|--------|
+| **Coding** | 22 rules | rules/coding/ | 🔄 Ready for migration |
+| **Security** | 49 rules | rules/security/ | 🔄 Ready for migration |
+| **TypeScript** | 10 rules | rules/typescript/ | 🔄 Ready for migration |
+
+## 🛠️ Rule Development
+
+### **Heuristic Rule Structure**
+Each rule follows this standard structure:
+```
+rules/{category}/{RULE_ID}/
+├── analyzer.js          # Core heuristic logic
+├── config.json         # Rule configuration
+├── test.js            # Rule-specific tests  
+└── README.md          # Rule documentation
+```
+
+### **Rule Development Helpers**
+Use shared utilities in `rules/common/`:
+- `ast-utils.js` - AST traversal and analysis
+- `pattern-matchers.js` - Common code pattern detection
+- `rule-helpers.js` - Rule configuration and reporting
+
+### **Example: Adding New Rule**
+```bash
+# Create new coding rule
+mkdir rules/coding/C045_new_rule/
+cd rules/coding/C045_new_rule/
+
+# Create rule files
+touch analyzer.js config.json test.js README.md
+```
+
+## 🔄 Migration Process
+
+### **ESLint → Heuristic Migration**
+
+1. **Mapping**: Define rule equivalencies in `migration/mapping.json`
+```json
+{
+  "eslint": "c006-function-name-verb-noun",  
+  "heuristic": "C006_function_naming",
+  "compatibility": "partial",
+  "migration_priority": "high"
+}
+```
+
+2. **Conversion**: Use `migration/converter.js` for automated migration
+```bash
+node rules/migration/converter.js --rule=C006 --target=heuristic
+```
+
+3. **Testing**: Validate against existing ESLint rule behavior
+```bash
+node rules/migration/compatibility.js --test=C006
+```
+
+## 🚀 Future Expansion
+
+### **Phase 2A: Security Rules Migration**
+Target: Migrate 49 security rules to heuristic engine
+- Priority: S001, S003, S012 (critical security)
+- Timeline: After ESLint deprecation decision
+
+### **Phase 2B: TypeScript Rules Migration**  
+Target: Migrate 10 TypeScript rules to heuristic engine
+- Priority: T002, T003, T004 (interface standards)
+- Timeline: Post security migration
+
+### **Phase 3: Advanced Heuristics**
+- Multi-file analysis capabilities
+- Cross-language rule support
+- AI-assisted pattern detection
+
+## 📊 Engine Comparison
+
+| Feature | ESLint Engine | Heuristic Engine | Status |
+|---------|---------------|------------------|--------|
+| **Rules Count** | 81 rules | 4 → 81 rules | 🔄 Migration |
+| **Performance** | AST heavy | Pattern optimized | 🚀 Faster |
+| **Languages** | JS/TS only | Multi-language | 🌟 Flexible |
+| **Customization** | Limited | Full control | ✅ Better |
+| **Maintenance** | ESLint dependent | Self-contained | 🛡️ Stable |
+
+## 🎯 Integration
+
+### **Engine Loading**
+The heuristic engine automatically loads rules from this structure:
+```javascript
+// core/analysis-orchestrator.js
+const heuristicRules = require('../rules/index.js');
+```
+
+### **Rule Registry**
+All rules are registered in `rules/index.js`:
+```javascript
+module.exports = {
+  coding: {
+    C006: require('./coding/C006_function_naming/analyzer.js'),
+    C019: require('./coding/C019_log_level_usage/analyzer.js'),
+    // ...
+  },
+  security: {
+    // Ready for S-series rules
+  },
+  typescript: {
+    // Ready for T-series rules  
+  }
+};
+```
+
+---
+
+**🏗️ Architecture**: Scalable, organized, migration-ready  
+**🎯 Goal**: 81 heuristic rules (ESLint independence)  
+**🚀 Status**: 4 active, 77 ready for migration

package/rules/common/C002_no_duplicate_code/analyzer.js

@@ -0,0 +1,65 @@
+/**
+ * C002_no_duplicate_code - Heuristic Rule Analyzer
+ * Category: coding
+ * 
+ * TODO: Migrate logic from ESLint rule
+ * ESLint rule: integrations/eslint/plugin/rules/coding/c002-no_duplicate_code.js
+ */
+
+const ts = require('typescript');
+const { PatternMatcher } = require('../../utils/pattern-matchers');
+const { RuleHelper } = require('../../utils/rule-helpers');
+
+class C002_no_duplicate_codeAnalyzer {
+    constructor(config = {}) {
+        this.config = config;
+        this.patternMatcher = new PatternMatcher();
+        this.helper = new RuleHelper();
+    }
+
+    /**
+     * Analyze code content for rule violations
+     * @param {string} content - File content
+     * @param {string} filePath - File path
+     * @param {Object} context - Analysis context
+     * @returns {Array} Array of violations
+     */
+    analyze(content, filePath, context = {}) {
+        const violations = [];
+
+        // TODO: Implement heuristic analysis logic
+        // This should replicate the ESLint rule behavior using pattern matching
+        
+        try {
+            // Example pattern-based analysis
+            // const patterns = this.getViolationPatterns();
+            // const matches = this.patternMatcher.findMatches(content, patterns);
+            // 
+            // matches.forEach(match => {
+            //     violations.push(this.helper.createViolation({
+            //         ruleId: 'C002_no_duplicate_code',
+            //         message: 'Rule violation detected',
+            //         line: match.line,
+            //         column: match.column,
+            //         severity: 'error'
+            //     }));
+            // });
+
+        } catch (error) {
+            console.warn(`Error analyzing ${filePath} with C002_no_duplicate_code:`, error.message);
+        }
+
+        return violations;
+    }
+
+    /**
+     * Get violation patterns for this rule
+     * @returns {Array} Array of patterns to match
+     */
+    getViolationPatterns() {
+        // TODO: Define patterns based on ESLint rule logic
+        return [];
+    }
+}
+
+module.exports = C002_no_duplicate_codeAnalyzer;

package/rules/common/C002_no_duplicate_code/config.json

@@ -0,0 +1,23 @@
+{
+  "id": "C002_no_duplicate_code",
+  "name": "C002_no_duplicate_code",
+  "category": "coding",
+  "description": "C002_no_duplicate_code heuristic rule - migrated from ESLint",
+  "severity": "error",
+  "enabled": true,
+  "migration": {
+    "from_eslint": "c002-no-duplicate-code",
+    "compatibility": "partial",
+    "status": "pending"
+  },
+  "patterns": {
+    "include": [
+      "**/*.js",
+      "**/*.ts"
+    ],
+    "exclude": [
+      "**/*.test.*",
+      "**/*.spec.*"
+    ]
+  }
+}