@sun-asterisk/sunlint 1.2.2 → 1.3.1

package/integrations/eslint/plugin/index.js

@@ -22,7 +22,6 @@ const c043 = require("./rules/common/c043-no-console-or-print.js");
 const c047 = require("./rules/common/c047-no-duplicate-retry-logic.js");
 const c072 = require("./rules/common/c072-one-assert-per-test.js");
 const c075 = require("./rules/common/c075-explicit-function-return-types.js");
-const c076 = require("./rules/common/c076-single-behavior-per-test.js");
 
 // 📘 TypeScript Rules (T-series)
 const t002 = require("./rules/typescript/t002-interface-prefix-i.js");
@@ -85,33 +84,32 @@ const s058 = require("./rules/security/s058-no-ssrf.js");
 
 module.exports = {
   rules: {
-    "c002": c002,
-    "c003": c003,
-    "c006": c006,
-    "c010": c010,
-    "c013": c013,
-    "c014": c014,
-    "c017": c017,
-    "c018": c018,
-    "c030": c030,
-    "c035": c035,
-    "c023": c023,
-    "c029": c029,
-    "c041": c041,
-    "c042": c042,
-    "c043": c043,
-    "c047": c047,
-    "c072": c072,
-    "c075": c075,
-    "c076": c076,
-    "t002": t002,
-    "t003": t003,
-    "t004": t004,
-    "t007": t007,
-    "t010": t010,
-    "t019": t019,
-    "t020": t020,
-    "t021": t021,
+    "c002-no-duplicate-code": c002,
+    "c003-no-vague-abbreviations": c003,
+    "c006-function-name-verb-noun": c006,
+    "c010-limit-block-nesting": c010,
+    "c013-no-dead-code": c013,
+    "c014-abstract-dependency-preferred": c014,
+    "c017-limit-constructor-logic": c017,
+    "c018-no-generic-throw": c018,
+    "c030-use-custom-error-classes": c030,
+    "c035-no-empty-catch": c035,
+    "c023-no-duplicate-variable-name-in-scope": c023,
+    "c029-catch-block-logging": c029,
+    "c041-no-config-inline": c041,
+    "c042-boolean-name-prefix": c042,
+    "c043-no-console-or-print": c043,
+    "c047-no-duplicate-retry-logic": c047,
+    "c072-one-assert-per-test": c072,
+    "c075-explicit-function-return-types": c075,
+    "t002-interface-prefix-i": t002,
+    "t003-ts-ignore-reason": t003,
+    "t004-no-empty-type": t004,
+    "t007-no-fn-in-constructor": t007,
+    "t010-no-nested-union-tuple": t010,
+    "t019-no-this-assign": t019,
+    "t020-no-default-multi-export": t020,
+    "t021-limit-nested-generics": t021,
     // Security rules
     "typescript_s001": s001,
     "typescript_s002": s002,

package/origin-rules/common-en.md

@@ -675,7 +675,7 @@
 
 - **Objective**: Protect sensitive application data, avoid security risks, and comply with security standards. Exposing sensitive information can lead to serious security and privacy issues.
 
-- **Details**
+- **Details**:
   - Use environment variables or separate config files to store secrets
   - Add secret files to `.gitignore` to prevent committing them
   - Use secret management tools such as Vault or AWS Secrets Manager
@@ -692,7 +692,7 @@
 
 - **Objective**: Ensure clarity and readability by making boolean variables self-explanatory. This naming convention improves code maintainability and documentation.
 
-- **Details**
+- **Details**:
   - Use `is` for state attributes (e.g., `isActive`, `isEnabled`)
   - Use `has` for ownership (e.g., `hasPermission`, `hasChildren`)
   - Use `should` for decision flags (e.g., `shouldUpdate`, `shouldRetry`)
@@ -709,7 +709,7 @@
 
 - **Objective**: Ensure logging is done in a controlled and effective manner in production. Using `print` or `console.log` can lead to performance issues, security risks, and log management difficulties.
 
-- **Details**
+- **Details**:
   - Use a dedicated logging framework instead of `print` or `console.log`
   - Set appropriate log levels for each environment (debug, info, warn, error)
   - Ensure logs contain useful metadata like timestamp, level, and context
@@ -726,7 +726,7 @@
 
 - **Objective**: Leverage well-tested, optimized, and community-maintained libraries to reduce bugs and improve development efficiency.
 
-- **Details**
+- **Details**:
   - Prefer using standard language libraries
   - Use trusted and popular community libraries
   - Evaluate library compatibility and performance
@@ -743,7 +743,7 @@
 
 - **Objective**: Ensure APIs return appropriate HTTP status codes so clients can handle errors effectively. HTTP 500 should be reserved for unexpected system errors.
 
-- **Details**
+- **Details**:
   - Use specific HTTP status codes based on error type:
     - 400 for validation errors
     - 401 for authentication failures
@@ -763,7 +763,7 @@
 
 - **Objective**: Keep code readable, maintainable, and efficient by avoiding the use of overly complex regular expressions in business-critical logic.
 
-- **Details**
+- **Details**:
   - Move complex regex into constants or helper functions
   - Prefer string manipulation libraries over complex regex
   - Break down complex regex into simpler processing steps
@@ -781,7 +781,7 @@
 
 - **Objective**: Centralize retry logic to improve consistency, maintainability, and observability of error handling and retry mechanisms.
 
-- **Details**
+- **Details**:
   - Create a dedicated utility class or service for retry logic
   - Centralize retry policy configuration (retry count, delay, backoff)
   - Use decorator pattern or AOP to apply retry logic
@@ -799,7 +799,7 @@
 
 - **Objective**: Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.
 
-- **Details**
+- **Details**:
   - Controllers should only call Services, not Repositories directly
   - Services should only call Repositories, not Controllers
   - Repositories should only handle data access, not call Services

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.2.2",
+  "version": "1.3.1",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {
@@ -40,17 +40,18 @@
     "demo:file-targeting": "./demo-file-targeting.sh",
     "lint": "node cli.js --config=.sunlint.json --input=.",
     "lint:eslint-integration": "node cli.js --all --eslint-integration --input=.",
-    "build": "npm run copy-rules && echo 'Build completed with rules copy'",
+    "build": "npm run copy-rules && npm run generate-registry && echo 'Build completed with rules copy and registry generation'",
     "copy-rules": "node scripts/copy-rules.js",
+    "generate-registry": "node scripts/generate-rules-registry.js",
     "clean": "rm -rf coverage/ *.log reports/ *.tgz",
     "postpack": "echo '📦 Package created successfully! Size: ' && ls -lh *.tgz | awk '{print $5}'",
     "start": "node cli.js --help",
     "version": "node cli.js --version",
-    "pack": "npm run copy-rules && npm pack",
+    "pack": "npm run copy-rules && npm run generate-registry && npm pack",
     "publish:github": "npm publish --registry=https://npm.pkg.github.com",
     "publish:npmjs": "npm publish --registry=https://registry.npmjs.org",
     "publish:test": "npm publish --dry-run --registry=https://registry.npmjs.org",
-    "prepublishOnly": "npm run clean && npm run copy-rules"
+    "prepublishOnly": "npm run clean && npm run copy-rules && npm run generate-registry"
   },
   "keywords": [
     "linting",
@@ -99,7 +100,8 @@
     "espree": "^10.3.0",
     "minimatch": "^10.0.3",
     "node-fetch": "^3.3.2",
-    "table": "^6.8.2"
+    "table": "^6.8.2",
+    "ts-morph": "^26.0.0"
   },
   "peerDependencies": {
     "typescript": ">=4.0.0"
@@ -126,8 +128,10 @@
   },
   "devDependencies": {
     "@types/node": "^22.10.1",
+    "eslint-plugin-import": "^2.32.0",
     "glob": "^11.0.3",
-    "jest": "^29.7.0"
+    "jest": "^29.7.0",
+    "typescript": "^5.8.3"
   },
   "bugs": {
     "url": "https://github.com/sun-asterisk/engineer-excellence/issues"

package/rules/common/C003_no_vague_abbreviations/analyzer.js

@@ -295,7 +295,7 @@ class C003NoVagueAbbreviations {
             const violation = this.checkVariableName(variableName, content, lineNumber, match.index);
             if (violation) {
               violations.push({
-                rule: 'C003',
+                ruleId: 'C003',
                 severity: 'warning',
                 message: violation.message,
                 line: lineNumber,

package/rules/common/C017_constructor_logic/analyzer.js

@@ -51,6 +51,13 @@ class C017Analyzer {
       if (this.isConstructorStart(trimmedLine)) {
         const constructorInfo = this.extractConstructorInfo(lines, index);
         
+        // Debug logging to understand boundary detection
+        if (config?.verbose) {
+          console.log(`[DEBUG] Constructor found at line ${lineNumber}`);
+          console.log(`[DEBUG] Constructor body lines: ${constructorInfo.body.length}`);
+          console.log(`[DEBUG] Constructor content:`, constructorInfo.body.map((l, i) => `${lineNumber + i}: ${l}`));
+        }
+        
         const complexLogic = this.findComplexLogic(constructorInfo.body);
         
         complexLogic.forEach(logic => {
@@ -81,34 +88,94 @@ class C017Analyzer {
     const constructorLines = [];
     let braceDepth = 0;
     let foundConstructorBrace = false;
+    let inConstructor = false;
+    let parenthesesDepth = 0;
+    let inCallback = false;
 
     for (let i = startIndex; i < lines.length; i++) {
       const line = lines[i];
-      constructorLines.push(line);
+      const trimmedLine = line.trim();
       
       // Check if this is the constructor line with opening brace
-      if (this.isConstructorStart(line.trim())) {
-        // Count braces in the constructor line itself
+      if (this.isConstructorStart(trimmedLine)) {
+        inConstructor = true;
+        constructorLines.push(line);
+        
+        // Special case: empty constructor () {}
+        if (trimmedLine.includes(') {}')) {
+          foundConstructorBrace = true;
+          braceDepth = 0; // Already closed
+          break; // Stop immediately for empty constructor
+        }
+        
+        // Count braces and parentheses in the constructor line itself
         for (const char of line) {
           if (char === '{') {
             foundConstructorBrace = true;
             braceDepth = 1; // Start counting from 1 for the constructor block
+          } else if (char === '(') {
+            parenthesesDepth++;
+          } else if (char === ')') {
+            parenthesesDepth--;
           }
         }
-      } else if (foundConstructorBrace) {
-        // Count braces in subsequent lines
+      } else if (inConstructor && foundConstructorBrace) {
+        constructorLines.push(line);
+        
+        // Track callback functions and nested structures
         for (const char of line) {
-          if (char === '{') {
+          if (char === '(') {
+            parenthesesDepth++;
+            // Detect callback patterns: .use(, .then(, .catch(, etc.
+            if (line.includes('.use(') || line.includes('.then(') || 
+                line.includes('.catch(') || line.includes('.finally(') ||
+                line.includes('=>')) {
+              inCallback = true;
+            }
+          } else if (char === ')') {
+            parenthesesDepth--;
+            if (parenthesesDepth <= 0) {
+              inCallback = false;
+            }
+          } else if (char === '{') {
             braceDepth++;
           } else if (char === '}') {
             braceDepth--;
           }
         }
         
-        // If we've closed all braces, we're done
-        if (braceDepth === 0) {
+        // If we've closed all braces and not in callback, we're done
+        if (braceDepth === 0 && !inCallback) {
           break;
         }
+      } else if (inConstructor) {
+        // Haven't found the opening brace yet, keep looking
+        constructorLines.push(line);
+        
+        // Check for empty constructor pattern: ) {}
+        if (trimmedLine.includes(') {}')) {
+          foundConstructorBrace = true;
+          braceDepth = 0; // Already closed
+          break; // Stop immediately
+        }
+        
+        for (const char of line) {
+          if (char === '{') {
+            foundConstructorBrace = true;
+            braceDepth = 1;
+            break;
+          }
+        }
+      }
+        }
+        
+        for (const char of line) {
+          if (char === '{') {
+            foundConstructorBrace = true;
+            braceDepth = 1;
+            break;
+          }
+        }
       }
     }
 
@@ -120,6 +187,14 @@ class C017Analyzer {
 
   findComplexLogic(constructorBody) {
     const complexLogic = [];
+    let inCallbackFunction = false;
+    let callbackDepth = 0;
+    
+    // Check if this is an empty constructor first
+    // TEMPORARILY DISABLED for debugging
+    // if (this.isEmptyConstructor(constructorBody)) {
+    //   return complexLogic; // Return empty array - no violations for empty constructors
+    // }
     
     constructorBody.forEach((line, index) => {
       const trimmedLine = line.trim();
@@ -135,7 +210,27 @@ class C017Analyzer {
         return;
       }
 
-      // Analyze line for complex logic patterns
+      // Track callback functions to avoid flagging their content
+      if (this.isCallbackStart(trimmedLine)) {
+        inCallbackFunction = true;
+        callbackDepth = 1;
+        return;
+      }
+
+      if (inCallbackFunction) {
+        // Count braces to track callback boundaries
+        const openBraces = (trimmedLine.match(/\{/g) || []).length;
+        const closeBraces = (trimmedLine.match(/\}/g) || []).length;
+        callbackDepth += openBraces - closeBraces;
+        
+        if (callbackDepth <= 0) {
+          inCallbackFunction = false;
+          callbackDepth = 0;
+        }
+        return; // Skip analysis inside callbacks
+      }
+
+      // Analyze line for complex logic patterns only if not in callback
       const logicType = this.analyzeLineComplexity(trimmedLine);
       
       if (logicType) {
@@ -153,6 +248,55 @@ class C017Analyzer {
     return complexLogic;
   }
 
+  isEmptyConstructor(constructorBody) {
+    // Check if constructor body contains only dependency injection parameters and closing brace
+    const meaningfulLines = constructorBody.filter(line => {
+      const trimmed = line.trim();
+      
+      // Skip empty lines, comments, and constructor declaration
+      if (!trimmed || 
+          trimmed.startsWith('//') || 
+          trimmed.startsWith('/*') || 
+          trimmed.startsWith('*') ||
+          this.isConstructorStart(trimmed) ||
+          trimmed === '{' || 
+          trimmed === '}' ||
+          trimmed === ') {}') {
+        return false;
+      }
+      
+      // Skip constructor parameter declarations (NestJS style)
+      if (trimmed.startsWith('@') || // Decorators like @InjectRepository
+          trimmed.match(/^\s*(private|public|protected)\s+readonly\s+\w+/) || // DI parameters
+          trimmed.match(/^\s*(private|public|protected)\s+\w+/) || // Other parameters
+          trimmed.endsWith(',') || // Parameter continuation
+          trimmed.endsWith(') {')) { // Constructor parameter closing
+        return false;
+      }
+      
+      // This is a meaningful line (logic, assignments, calls, etc.)
+      return true;
+    });
+    
+    return meaningfulLines.length === 0;
+  }
+
+  isCallbackStart(line) {
+    // Patterns that indicate callback function starts
+    const callbackPatterns = [
+      /\.(use|then|catch|finally|map|filter|forEach|reduce)\s*\(/,
+      /=>\s*\{/,
+      /function\s*\(/,
+      /\(\s*\w+\s*\)\s*=>/,
+      /interceptors\.(request|response)\.use\(/,
+      /\.addEventListener\(/,
+      /setTimeout\(/,
+      /setInterval\(/
+    ];
+
+    return callbackPatterns.some(pattern => pattern.test(line));
+  }
+
   analyzeLineComplexity(line) {
     // Simple property assignments are OK
     if (this.isSimpleAssignment(line)) {
@@ -179,6 +323,16 @@ class C017Analyzer {
       return null;
     }
 
+    // Configuration setup is OK
+    if (this.isConfigurationSetup(line)) {
+      return null;
+    }
+
+    // Interceptor setup is OK (axios, etc.)
+    if (this.isInterceptorSetup(line)) {
+      return null;
+    }
+
     // Detect complex logic patterns
     const complexPatterns = [
       {
@@ -209,7 +363,7 @@ class C017Analyzer {
         pattern: /\w+\s*\(\s*[^)]*\)\s*[;{]/,
         type: 'method_call',
         description: 'complex method calls',
-        confidence: 0.6 // Lower confidence, only flag complex calls
+        confidence: 0.4 // Reduced confidence to minimize false positives
       },
       {
         pattern: /new\s+\w+\s*\([^)]*\)\s*\./,
@@ -238,16 +392,75 @@ class C017Analyzer {
   }
 
   isSimpleAssignment(line) {
-    // Patterns for simple assignments
+    // Patterns for simple assignments - expanded to catch more legitimate patterns
     const simplePatterns = [
       /^this\.\w+\s*=\s*[^;]+;?$/,          // this.property = value;
       /^this\.\w+\s*=\s*\w+;?$/,            // this.property = parameter;
       /^this\.\w+\s*=\s*(null|undefined|true|false|\d+|'[^']*'|"[^"]*");?$/, // this.property = literal;
+      /^this\.\w+\s*=\s*this\.\w+\s*\.\s*get\s*\(/,  // this.property = this.configService.get(
+      /^this\.\w+\s*=\s*new\s+\w+\s*\(/,             // this.property = new SomeClass(
+      /^this\.\w+\s*=\s*\w+\s*\.\s*\w+\s*\(/,       // this.property = service.method(
+      // Enhanced patterns for configuration initialization
+      /^this\.\w+\s*=\s*new\s+\w+Client\s*\(/,       // this.s3 = new S3Client(
+      /^this\.\w+\s*=\s*new\s+\w+\s*\(\s*\{/,        // this.prop = new Class({ config })
+      /^this\.\w+\s*=\s*\w+\s*\.\s*create\s*\(/,     // this.prop = Factory.create(
+      /^this\.\w+\s*=\s*\w+\s*\.\s*getInstance\s*\(/, // this.prop = Service.getInstance(
     ];
 
     return simplePatterns.some(pattern => pattern.test(line));
   }
 
+  isConfigurationSetup(line) {
+    // Check if this is configuration/options object setup
+    const configPatterns = [
+      /^\s*\w+:\s*/, // Property definition in object literal
+      /level:\s*/, // Log level setting
+      /timestamp:\s*/, // Timestamp configuration
+      /formatters:\s*/, // Formatter configuration
+      /mixin:\s*/, // Mixin configuration
+      /transport:\s*/, // Transport configuration
+      /options:\s*/, // Options configuration
+      /target:\s*/, // Target configuration
+      /baseURL:\s*/, // Axios baseURL
+      /timeout:\s*/, // Axios timeout
+      /region:\s*/, // AWS region configuration
+      /credentials:\s*/, // AWS credentials
+      /endpoint:\s*/, // API endpoint
+      /apiVersion:\s*/, // API version
+      /maxRetries:\s*/, // Retry configuration  
+      /headers:\s*/, // HTTP headers
+      /defaultHeaders:\s*/, // Default headers
+      /interceptors:\s*/, // Request/response interceptors
+      /transformRequest:\s*/, // Request transformation
+      /transformResponse:\s*/, // Response transformation
+      /validateStatus:\s*/, // Status validation
+      /responseType:\s*/, // Response type
+      /maxContentLength:\s*/, // Content length limit
+      /ssl:\s*/, // SSL configuration
+      /auth:\s*/, // Authentication
+      /withCredentials:\s*/, // CORS credentials
+      /maxRedirects:\s*/, // Max redirects
+    ];
+
+    return configPatterns.some(pattern => pattern.test(line));
+  }
+
+  isInterceptorSetup(line) {
+    // Check if this is axios interceptor setup (should be allowed in constructor)
+    const interceptorPatterns = [
+      /interceptors\.(request|response)\.use/,
+      /\.use\s*\(/,
+      /\.then\s*\(/,
+      /\.catch\s*\(/,
+      /\.finally\s*\(/,
+      /=>\s*\{?/,
+      /=>\s*[^{]/, // Arrow function without braces
+      /function\s*\(/
+    ];
+
+    return interceptorPatterns.some(pattern => pattern.test(line));
+  }
+
   isSuperCall(line) {
     return line.includes('super(') || line.startsWith('super.');
   }
@@ -279,7 +492,7 @@ class C017Analyzer {
   }
 
   isAllowedMethodCall(line) {
-    // Method calls that are typically OK in constructors
+    // Method calls that are typically OK in constructors - expanded list
     const allowedMethods = [
       'makeObservable',
       'makeAutoObservable',
@@ -289,22 +502,46 @@ class C017Analyzer {
       'Object.assign',
       'Object.defineProperty',
       'console.log',
-      'console.warn'
+      'console.warn',
+      // Common initialization patterns
+      'createLogger',
+      'initializeLogger',
+      'setupConfiguration',
+      'initializeService',
+      'configure',
+      'init',
+      'setup',
+      // Common service/config patterns
+      'get',
+      'getService',
+      'getInstance',
+      // Dependency injection patterns
+      'inject',
+      'resolve',
+      // Axios/HTTP setup patterns
+      'interceptors',
+      'use',
+      'defaults',
+      'timeout',
+      'baseURL',
+      'headers'
     ];
 
+    const lowerLine = line.toLowerCase();
     return allowedMethods.some(method => 
-      line.includes(method)
+      lowerLine.includes(method.toLowerCase())
     );
   }
 
   hasComplexExpression(line) {
     // Check for complex expressions (multiple operators, complex calculations)
+    // Made more restrictive to reduce false positives
     const complexityIndicators = [
       /[+\-*/]\s*[+\-*/]/,    // Multiple arithmetic operators
       /\?\s*.*\s*:/,          // Ternary operators
-      /&&|\|\|/,              // Logical operators
-      /\[[^\]]*\]/,           // Array access
-      /\.[^.]*\./             // Chained property access
+      /&&.*&&|\|\|.*\|\|/,    // Multiple logical operators (more restrictive)
+      /\[[^\]]*\].*\[[^\]]*\]/, // Multiple array accesses
+      /\.[^.]*\.[^.]*\./      // Triple+ chained property access (more restrictive)
     ];
 
     return complexityIndicators.some(pattern => pattern.test(line));