@sun-asterisk/sunlint 1.3.0 → 1.3.1

package/config/rules/enhanced-rules-registry.json

@@ -332,6 +332,34 @@
         ]
       }
     },
+    "C035": {
+      "name": "Log all relevant context when handling errors",
+      "description": "When handling errors, must log full information related - structured logging with context",
+      "category": "error-handling",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C035_error_logging_context/analyzer.js",
+      "config": "./rules/common/C035_error_logging_context/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "logging",
+        "error-handling",
+        "observability",
+        "debugging"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "no-empty-catch",
+          "@typescript-eslint/no-unused-vars"
+        ]
+      }
+    },
     "C037": {
       "name": "Standard Response Objects",
       "description": "API handlers should return standard response objects (not raw strings)",
@@ -445,25 +473,6 @@
         }
       }
     },
-    "C076": {
-      "name": "One Assert Per Test",
-      "description": "Each test should assert only one behavior (Single Assert Rule)",
-      "category": "testing",
-      "severity": "warning",
-      "languages": [
-        "typescript",
-        "javascript"
-      ],
-      "analyzer": "eslint",
-      "eslintRule": "custom/c076",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": [
-        "testing",
-        "unit-test",
-        "assertion"
-      ]
-    },
     "S001": {
       "name": "Fail Securely",
       "description": "Verify that if there is an error in access control, the system fails securely",
@@ -541,34 +550,56 @@
         "typescript",
         "javascript"
       ],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s005",
+      "analyzer": "./rules/security/S005_no_origin_auth/analyzer.js",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
         "security",
         "authentication",
         "headers"
-      ]
+      ],
+      "strategy": {
+        "preferred": "ast",
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 95,
+          "regex": 85
+        }
+      },
+      "engineMappings": {
+        "eslint": [
+          "custom/typescript_s005"
+        ]
+      }
     },
     "S006": {
-      "name": "Activation Recovery Secret Not Plaintext",
-      "description": "Activation recovery secret must not be in plaintext",
+      "name": "No Plaintext Recovery/Activation Codes",
+      "description": "Do not send recovery or activation codes in plaintext",
       "category": "security",
       "severity": "error",
       "languages": [
-        "typescript",
-        "javascript"
+        "All languages"
       ],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s006",
+      "analyzer": "./rules/security/S006_no_plaintext_recovery_codes/analyzer.js",
+      "config": "./rules/security/S006_no_plaintext_recovery_codes/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
         "security",
-        "secrets",
-        "encryption"
-      ]
+        "owasp",
+        "cryptographic-failures",
+        "authentication"
+      ],
+      "strategy": {
+        "preferred": "regex",
+        "fallback": "heuristic"
+      },
+      "engineMappings": {
+        "heuristic": "S006_no_plaintext_recovery_codes"
+      }
     },
     "S007": {
       "name": "No Plaintext OTP",
@@ -577,17 +608,40 @@
       "severity": "error",
       "languages": [
         "typescript",
-        "javascript"
+        "javascript",
+        "dart",
+        "kotlin",
+        "java",
+        "python",
+        "go",
+        "swift"
       ],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s007",
+      "analyzer": "./rules/security/S007_no_plaintext_otp/analyzer.js",
+      "config": "./rules/security/S007_no_plaintext_otp/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
         "security",
         "otp",
-        "encryption"
-      ]
+        "encryption",
+        "owasp",
+        "cryptographic-failures",
+        "authentication"
+      ],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": [
+          "heuristic",
+          "regex"
+        ],
+        "accuracy": {
+          "heuristic": 90,
+          "regex": 75
+        }
+      },
+      "engineMappings": {
+        "heuristic": "S007_no_plaintext_otp"
+      }
     },
     "S008": {
       "name": "Crypto Agility",
@@ -1525,13 +1579,15 @@
         ]
       },
       "strategy": {
-        "preferred": "ast",
+        "preferred": "semantic",
         "fallbacks": [
-          "ast",
+          "semantic",
+          "ast", 
           "regex"
         ],
         "accuracy": {
-          "ast": 90,
+          "semantic": 95,
+          "ast": 85,
           "regex": 70
         }
       }
@@ -1620,35 +1676,6 @@
         "accuracy": {}
       }
     },
-    "C035": {
-      "id": "C035",
-      "name": "Rule C035",
-      "description": "Auto-migrated rule C035 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": [
-        "typescript",
-        "javascript"
-      ],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": [
-        "migrated"
-      ],
-      "engineMappings": {
-        "eslint": [
-          "no-empty-catch",
-          "@typescript-eslint/no-unused-vars"
-        ]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": [
-          "regex"
-        ],
-        "accuracy": {}
-      }
-    },
     "C041": {
       "id": "C041",
       "name": "Rule C041",
@@ -1735,22 +1762,27 @@
     },
     "C072": {
       "id": "C072",
-      "name": "Rule C072",
-      "description": "Auto-migrated rule C072 from ESLint mapping",
-      "category": "general",
+      "name": "Single Test Behavior",
+      "description": "Each test should assert only one behavior",
+      "category": "testing",
       "severity": "warning",
       "languages": [
         "typescript",
         "javascript"
       ],
       "version": "1.0.0",
-      "status": "migrated",
+      "status": "stable",
       "tags": [
-        "migrated"
+        "testing",
+        "unit-test",
+        "single-behavior"
       ],
       "engineMappings": {
         "eslint": [
-          "custom/one-assert-per-test"
+          "custom/c072-one-assert-per-test"
+        ],
+        "heuristic": [
+          "rules/common/C072_single_test_behavior/analyzer.js"
         ]
       },
       "strategy": {
@@ -1789,6 +1821,36 @@
         "accuracy": {}
       }
     },
+    "C076": {
+      "id": "C076",
+      "name": "Explicit Function Argument Types",
+      "description": "All public functions must declare explicit types for arguments",
+      "category": "type-safety",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "type-safety",
+        "public-api",
+        "explicit-types"
+      ],
+      "engineMappings": {
+        "heuristic": [
+          "rules/common/C076_explicit_function_types/semantic-analyzer.js"
+        ]
+      },
+      "strategy": {
+        "preferred": "symbol",
+        "fallbacks": [
+          "symbol"
+        ],
+        "accuracy": {}
+      }
+    },
     "T002": {
       "id": "T002",
       "name": "Rule T002",
@@ -2300,7 +2362,6 @@
         "C047",
         "C072",
         "C075",
-        "C076",
         "T002",
         "T003",
         "T004",

package/config/rules/rules-registry-generated.json

@@ -914,7 +914,7 @@
     },
     "C039": {
       "name": "Do not store temporary data in global or static mutable fields",
-      "description": "No description available",
+      "description": "Prevent issues related to shared state and race conditions in concurrent environments. Ensure thread-safety and testability. Using global or static mutable fields can introduce hard-to-detect and hard-to-fix bugs.",
       "category": "Common",
       "severity": "major",
       "languages": [
@@ -937,7 +937,7 @@
     },
     "C040": {
       "name": "Do not spread validation logic across multiple classes",
-      "description": "No description available",
+      "description": "Centralize validation logic to simplify maintenance, increase reusability, and ensure consistency. Centralized validation helps reduce bugs and simplifies updating validation rules.",
       "category": "Common",
       "severity": "major",
       "languages": [

package/config/rules/rules-registry.json

@@ -59,6 +59,18 @@
       "status": "experimental",
       "tags": ["validation", "separation", "architecture"]
     },
+    "C035": {
+      "name": "Error Logging Context",
+      "description": "Khi xử lý lỗi, phải ghi log đầy đủ thông tin liên quan - structured logging with context",
+      "category": "logging",
+      "severity": "warning",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "./rules/common/C035_error_logging_context/analyzer.js",
+      "config": "./rules/common/C035_error_logging_context/config.json",
+      "version": "1.0.0",
+      "status": "experimental",
+      "tags": ["logging", "error-handling", "context", "structured-logging"]
+    },
     "C043": {
       "name": "No Console Or Print",
       "description": "Do not use console.log or print in production code",
@@ -651,7 +663,7 @@
     "quality": {
       "name": "Code Quality",
       "description": "Rules for code quality improvement",
-      "rules": ["C002", "C003", "C006", "C010", "C013", "C014", "C017", "C018", "C023", "C029", "C030", "C035", "C041", "C042", "C043", "C047", "C072", "C075", "C076", "T002", "T003", "T004", "T007", "T010", "T019", "T020", "T021", "R001", "R002", "R003", "R004", "R005", "R006"],
+      "rules": ["C002", "C003", "C006", "C010", "C013", "C014", "C017", "C018", "C023", "C029", "C030", "C035", "C041", "C042", "C043", "C047", "C072", "C075", "T002", "T003", "T004", "T007", "T010", "T019", "T020", "T021", "R001", "R002", "R003", "R004", "R005", "R006"],
       "severity": "warning"
     },
     "security": {

package/core/cli-action-handler.js

@@ -109,21 +109,29 @@ class CliActionHandler {
   }
 
   /**
-   * Run analysis with modern orchestrator
-   * Following Rule C006: Verb-noun naming
-   * Following Rule C012: Command Query Separation - analysis is a command
+   * Run analysis using modern orchestrator
    */
   async runModernAnalysis(rulesToRun, files, config) {
     if (this.isModernMode) {
       console.log(chalk.blue('🚀 Using modern engine architecture'));
       
-      // Initialize orchestrator with configuration
+      // Initialize orchestrator with configuration including targetFiles for optimization
       await this.orchestrator.initialize({
         enabledEngines: this.determineEnabledEngines(config),
         aiConfig: config.ai || {},
         eslintConfig: config.eslint || {},
-        heuristicConfig: config.heuristic || {}
+        heuristicConfig: { 
+          ...config.heuristic || {},
+          targetFiles: this.options.targetFiles,  // Pass filtered files for semantic optimization
+          maxSemanticFiles: this.options.maxSemanticFiles !== undefined ? parseInt(this.options.maxSemanticFiles) : 1000,  // Configurable semantic file limit
+          verbose: this.options.verbose  // Pass verbose for debugging
+        }
       });
+      
+      if (this.options.verbose) {
+        console.log(`🔧 Debug: maxSemanticFiles option = ${this.options.maxSemanticFiles}`);
+        console.log(`🔧 Debug: parsed maxSemanticFiles = ${this.options.maxSemanticFiles !== undefined ? parseInt(this.options.maxSemanticFiles) : 1000}`);
+      }
 
       // Run analysis with new orchestrator
       const results = await this.orchestrator.analyze(files, rulesToRun, {
@@ -136,21 +144,7 @@ class CliActionHandler {
           requestedEngine: this.options.engine
         }
       });
-
       return results;
-    } else {
-      console.log(chalk.yellow('🔄 Using legacy orchestrator'));
-      
-      // Ensure verbose/quiet flags are in config
-      const analysisConfig = {
-        ...config,
-        verbose: this.options.verbose,
-        quiet: this.options.quiet,
-        // Pass requested engine to enable strict engine mode (no fallback)
-        requestedEngine: this.options.engine
-      };
-      
-      return await this.orchestrator.runAnalysis(rulesToRun, this.options, analysisConfig);
     }
   }
 
@@ -268,6 +262,17 @@ class CliActionHandler {
    * Following Rule C031: Separate validation logic
    */
   validateInput(config) {
+    // Validate engine option if specified (check this first, always)
+    if (this.options.engine) {
+      const validEngines = ['eslint', 'heuristic', 'openai'];
+      if (!validEngines.includes(this.options.engine)) {
+        throw new Error(
+          chalk.red(`❌ Invalid engine: ${this.options.engine}\n`) +
+          chalk.gray(`Valid engines: ${validEngines.join(', ')}`)
+        );
+      }
+    }
+
     // Priority 1: CLI --input parameter (highest priority)
     if (this.options.input) {
       // Validate CLI input path exists
@@ -302,17 +307,6 @@ class CliActionHandler {
       }
       return;
     }
-
-    // Validate engine option if specified
-    if (this.options.engine) {
-      const validEngines = ['eslint', 'sunlint', 'heuristic'];
-      if (!validEngines.includes(this.options.engine)) {
-        throw new Error(
-          chalk.red(`❌ Invalid engine: ${this.options.engine}\n`) +
-          chalk.gray(`Valid engines: ${validEngines.join(', ')}`)
-        );
-      }
-    }
   }
 
   /**

package/core/cli-program.js

@@ -26,7 +26,7 @@ function createCliProgram() {
   // TypeScript specific options (Phase 1 focus)
   program
     .option('--typescript', 'Enable TypeScript-specific analysis')
-    .option('--typescript-engine <engine>', 'TypeScript analysis engine (eslint,sunlint,hybrid)', 'sunlint')
+    .option('--typescript-engine <engine>', 'TypeScript analysis engine (eslint,heuristic,hybrid)', 'heuristic')
     .option('--ensure-deps', 'Ensure ESLint dependencies are installed');
 
   // Input/Output options (v1.x: explicit --input required)
@@ -58,7 +58,7 @@ function createCliProgram() {
 
   // Advanced options
   program
-    .option('--engine <engine>', 'Force specific analysis engine (eslint,sunlint)', '')
+    .option('--engine <engine>', 'Force specific analysis engine (eslint,heuristic)', '')
     .option('--dry-run', 'Show what would be analyzed without running')
     .option('--verbose', 'Enable verbose logging')
     .option('--quiet', 'Suppress non-error output')
@@ -67,6 +67,7 @@ function createCliProgram() {
     .option('--no-ai', 'Force disable AI analysis (use heuristic only)')
     .option('--legacy', 'Use legacy analysis architecture')
     .option('--modern', 'Use modern plugin-based architecture (default)')
+    .option('--max-semantic-files <number>', 'Control semantic analysis scope: 0=disable, -1=unlimited, >0=limit (default: 1000)', '1000')
     .option('--list-engines', 'List available analysis engines');
 
   // ESLint Integration options
@@ -107,7 +108,7 @@ Version Strategy:
 Engine Configuration:
   $ sunlint --all --input=src                    # Use config engine setting
   $ sunlint --all --input=src --engine=eslint    # Force ESLint engine 
-  $ sunlint --all --input=src --engine=sunlint   # Force SunLint engine
+  $ sunlint --all --input=src --engine=heuristic # Force Heuristic engine
 
 CI/CD Integration:
   $ sunlint --all --changed-files --format=summary --no-ai
@@ -127,6 +128,13 @@ Advanced File Targeting:
   $ sunlint --languages=typescript,dart --include="src/**,packages/**" --input=.
   $ sunlint --all --only-source --exclude-tests --languages=typescript --input=.
 
+Large Project Optimization:
+  $ sunlint --all --input=. --max-semantic-files=500    # Conservative analysis
+  $ sunlint --all --input=. --max-semantic-files=2000   # Comprehensive analysis  
+  $ sunlint --all --input=. --max-semantic-files=-1     # Unlimited (all files)
+  $ sunlint --all --input=. --max-semantic-files=0      # Disable semantic analysis
+  $ sunlint --all --changed-files --max-semantic-files=300  # Fast CI analysis
+
 Sun* Engineering - Coding Standards Made Simple ☀️
 `);
 

package/core/config-merger.js

@@ -209,8 +209,35 @@ class ConfigMerger {
       // Add flexible patterns for input paths
       const expandedInclude = [...currentInclude];
       for (const inputPath of inputPaths) {
-        expandedInclude.push(inputPath + '/**');
-        expandedInclude.push('**/' + inputPath + '/**');
+        // Check if inputPath is a file or directory
+        const fs = require('fs');
+        const path = require('path');
+        
+        try {
+          const resolvedPath = path.resolve(inputPath);
+          if (fs.existsSync(resolvedPath)) {
+            const stat = fs.statSync(resolvedPath);
+            if (stat.isFile()) {
+              // For files, add the exact path
+              expandedInclude.push(inputPath);
+              expandedInclude.push('**/' + inputPath);
+            } else if (stat.isDirectory()) {
+              // For directories, add recursive patterns
+              expandedInclude.push(inputPath + '/**');
+              expandedInclude.push('**/' + inputPath + '/**');
+            }
+          } else {
+            // If path doesn't exist, assume it's a pattern and add both file and directory variants
+            expandedInclude.push(inputPath);
+            expandedInclude.push(inputPath + '/**');
+            expandedInclude.push('**/' + inputPath);
+            expandedInclude.push('**/' + inputPath + '/**');
+          }
+        } catch (error) {
+          // Fallback to original logic if file system check fails
+          expandedInclude.push(inputPath + '/**');
+          expandedInclude.push('**/' + inputPath + '/**');
+        }
       }
       result.include = expandedInclude;
       

package/core/enhanced-rules-registry.js

@@ -100,7 +100,8 @@ class EnhancedRulesRegistry {
       'C006': ['eslint', 'heuristic', 'openai'],
       'C007': ['eslint', 'heuristic', 'openai'],
       'C014': ['eslint', 'heuristic', 'openai'],
-      'C033': ['eslint', 'heuristic'],
+      'C033': ['heuristic', 'eslint'],
+      'C035': ['heuristic', 'eslint'],
       'C040': ['eslint', 'heuristic'],
       
       // AI-enhanced rules (complex logic analysis)
@@ -109,7 +110,6 @@ class EnhancedRulesRegistry {
       'C015': ['openai', 'heuristic'],
       'C032': ['openai', 'heuristic'],
       'C034': ['openai', 'heuristic'],
-      'C035': ['openai', 'heuristic'],
       'C037': ['openai', 'heuristic', 'eslint'],
       'C038': ['openai', 'heuristic']
     };
@@ -328,4 +328,4 @@ class EnhancedRulesRegistry {
   }
 }
 
-module.exports = EnhancedRulesRegistry;
+module.exports = EnhancedRulesRegistry;