@sun-asterisk/sunlint 1.3.1 → 1.3.3

package/rules/common/C024_no_scatter_hardcoded_constants/symbol-based-analyzer.js

@@ -0,0 +1,181 @@
+/**
+ * C024 Symbol-based Analyzer - Advanced Do not scatter hardcoded constants throughout the logic
+ * Purpose: The rule prevents scattering hardcoded constants throughout the logic. Instead, constants should be defined in a single place to improve maintainability and readability.
+ */
+
+const { SyntaxKind } = require('ts-morph');
+
+class C024SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C024';
+    this.ruleName = 'Error Scatter hardcoded constants throughout the logic (Symbol-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+    this.safeStrings = ["UNKNOWN", "N/A"]; // allowlist of special fallback values
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C024 Symbol-Based] Analyzer initialized, verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    // This is the main entry point called by the hybrid analyzer
+    return await this.analyzeFileWithSymbols(filePath, options);
+  }
+
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    const violations = [];
+
+    // Enable verbose mode if requested
+    const verbose = options.verbose || this.verbose;
+
+    if (!this.semanticEngine?.project) {
+      if (verbose) {
+        console.warn('[C024 Symbol-Based] No semantic engine available, skipping analysis');
+      }
+      return violations;
+    }
+
+    if (verbose) {
+      console.log(`🔍 [C024 Symbol-Based] Starting analysis for ${filePath}`);
+    }
+
+    try {
+      const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+      if (!sourceFile) {
+        return violations;
+      }
+
+      // skip constants files
+      if (this.isConstantsFile(filePath)) return violations;
+      // Detect hardcoded constants
+      sourceFile.forEachDescendant((node) => {
+        this.checkLiterals(node, sourceFile, violations);
+        this.checkConstDeclaration(node, sourceFile, violations);
+        this.checkStaticReadonly(node, sourceFile, violations);
+      });
+
+
+      if (verbose) {
+        console.log(`🔍 [C024 Symbol-Based] Total violations found: ${violations.length}`);
+      }
+
+      return violations;
+    } catch (error) {
+      if (verbose) {
+        console.warn(`[C024 Symbol-Based] Analysis failed for ${filePath}:`, error.message);
+      }
+
+      return violations;
+    }
+  }
+
+  // --- push violation object ---
+  pushViolation(violations, node, filePath, text, message) {
+    violations.push({
+      ruleId: this.ruleId,
+      severity: "warning",
+      message: message || `Hardcoded constant found: "${text}"`,
+      source: this.ruleId,
+      file: filePath,
+      line: node.getStartLineNumber(),
+      column: node.getStart() - node.getStartLinePos(),
+      description:
+        "[SYMBOL-BASED] Hardcoded constants should be defined in a single place to improve maintainability.",
+      suggestion: "Define constants in a dedicated file or section",
+      category: "constants",
+    });
+  }
+
+  // --- check literals like "ADMIN", 123, true ---
+  checkLiterals(node, sourceFile, violations) {
+    const kind = node.getKind();
+    if (
+      kind === SyntaxKind.StringLiteral ||
+      kind === SyntaxKind.NumericLiteral ||
+      kind === SyntaxKind.TrueKeyword ||
+      kind === SyntaxKind.FalseKeyword
+    ) {
+      const text = node.getText().replace(/['"`]/g, ""); // strip quotes
+      if (this.isAllowedLiteral(node, text)) return;
+
+      this.pushViolation(
+        violations,
+        node,
+        sourceFile.getFilePath(),
+        node.getText()
+      );
+    }
+  }
+
+  // --- check const declarations outside constants.ts ---
+  checkConstDeclaration(node, sourceFile, violations) {
+    const kind = node.getKind();
+    if (kind === SyntaxKind.VariableDeclaration) {
+      const parentKind = node.getParent()?.getKind();
+      if (
+        parentKind === SyntaxKind.VariableDeclarationList &&
+        node.getParent().getDeclarationKind() === "const"
+      ) {
+        this.pushViolation(
+          violations,
+          node,
+          sourceFile.getFilePath(),
+          node.getName(),
+          `Const declaration "${node.getName()}" should be moved into constants file`
+        );
+      }
+    }
+  }
+
+  // --- check static readonly properties inside classes ---
+  checkStaticReadonly(node, sourceFile, violations) {
+    const kind = node.getKind();
+    if (kind === SyntaxKind.PropertyDeclaration) {
+      const modifiers = node.getModifiers().map((m) => m.getText());
+      if (modifiers.includes("static") && modifiers.includes("readonly")) {
+        this.pushViolation(
+          violations,
+          node,
+          sourceFile.getFilePath(),
+          node.getName(),
+          `Static readonly property "${node.getName()}" should be moved into constants file`
+        );
+      }
+    }
+  }
+
+  // --- helper: allow safe literals ---
+  isAllowedLiteral(node, text) {
+    // skip imports
+    if (node.getParent()?.getKind() === SyntaxKind.ImportDeclaration) {
+      return true;
+    }
+
+    // allow short strings
+    if (typeof text === "string" && text.length <= 1) return true;
+
+    // allow sentinel numbers
+    if (text === "0" || text === "1" || text === "-1") return true;
+
+    // allow known safe strings (like "UNKNOWN")
+    if (this.safeStrings.includes(text)) return true;
+
+    return false;
+  }
+
+  // helper to check if file is a constants file
+  isConstantsFile(filePath) {
+    const lower = filePath.toLowerCase();
+    return lower.endsWith("constants.ts") || lower.includes("/constants/");
+  }
+}
+
+module.exports = C024SymbolBasedAnalyzer;

package/rules/common/C030_use_custom_error_classes/analyzer.js

@@ -0,0 +1,200 @@
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Rule C030 - Use Custom Error Classes
+ * Enforce using application-specific error classes instead of generic system errors
+ * Examples to flag: throw new Error(), throw new TypeError(), Promise.reject(new Error(...))
+ */
+class C030UseCustomErrorClassesAnalyzer {
+  constructor(options = {}) {
+    this.ruleId = 'C030';
+    this.ruleName = 'Use Custom Error Classes';
+    this.description = 'Use custom error classes instead of generic system errors';
+    this.severity = 'warning';
+    this.verbose = options.verbose || false;
+
+    this.builtinErrorNames = [
+      'Error',
+      'TypeError',
+      'RangeError',
+      'ReferenceError',
+      'SyntaxError',
+      'URIError',
+      'EvalError'
+    ];
+
+    // Precompile regexes for speed
+    const namesGroup = this.builtinErrorNames.join('|');
+    this.patterns = [
+      // throw new Error(...)
+      new RegExp(`\\bthrow\\s+new\\s+(${namesGroup})\\s*\\(`),
+      // throw Error(...)
+      new RegExp(`\\bthrow\\s+(${namesGroup})\\s*\\(`),
+      // Promise.reject(new Error(...))
+      new RegExp(`Promise\\.reject\\s*\\(\\s*new\\s+(${namesGroup})\\s*\\(`),
+      // reject(new Error(...))
+      new RegExp(`\\breject\\s*\\(\\s*new\\s+(${namesGroup})\\s*\\(`),
+      // Throwing string literals (single, double quotes)
+      /\bthrow\s+['"][^'"]*['"]/,
+      // Throwing template literals
+      /\bthrow\s+`[^`]*`/,
+      // Throwing numbers
+      /\bthrow\s+\d+/,
+      // Throwing variables (simple identifiers) - remove $ anchor to allow comments
+      /\bthrow\s+[a-zA-Z_$][a-zA-Z0-9_$]*(?:\s*;|\s*\/\/|\s*$)/
+    ];
+  }
+
+  async analyze(files, language, config = {}) {
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        // Handle both file paths and direct content
+        let content;
+        if (typeof filePath === 'string' && fs.existsSync(filePath)) {
+          content = fs.readFileSync(filePath, 'utf8');
+        } else if (typeof filePath === 'object' && filePath.content) {
+          // Handle test cases with direct content
+          content = filePath.content;
+          filePath = filePath.path || 'test.js';
+        } else {
+          if (this.verbose) {
+            console.warn(`C030: Skipping invalid file path: ${filePath}`);
+          }
+          continue;
+        }
+        
+        const fileViolations = await this.analyzeFile(filePath, content, language, config);
+        violations.push(...fileViolations);
+      } catch (error) {
+        if (this.verbose) {
+          console.warn(`C030 analysis error for ${path.basename(filePath)}: ${error.message}`);
+        }
+      }
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, content, language, config = {}) {
+    const violations = [];
+
+    // Only target JS/TS for now
+    if (!this.isJsLike(filePath)) {
+      return violations;
+    }
+
+    const lines = content.split('\n');
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+
+      // Skip comments-only lines quickly
+      if (this.isCommentOnly(trimmed)) {
+        continue;
+      }
+
+      for (const pattern of this.patterns) {
+        const match = trimmed.match(pattern);
+        if (match) {
+          const column = line.indexOf(match[0]) + 1;
+          const builtInName = this.extractBuiltinName(match);
+          const violationType = this.getViolationType(pattern, trimmed);
+
+          const suggestion = this.getSuggestion(builtInName, violationType);
+
+          violations.push({
+            ruleId: this.ruleId,
+            file: filePath,
+            line: i + 1,
+            column: Math.max(column, 1),
+            message: this.getMessage(violationType),
+            severity: this.severity,
+            code: trimmed,
+            type: violationType,
+            suggestion
+          });
+
+          // Avoid double-reporting same line on multiple patterns
+          break;
+        }
+      }
+    }
+
+    return violations;
+  }
+
+  isJsLike(filePath) {
+    return /\.(js|jsx|ts|tsx|mjs|cjs)$/.test(filePath);
+  }
+
+  isCommentOnly(trimmedLine) {
+    return trimmedLine.startsWith('//') || trimmedLine.startsWith('/*') || trimmedLine === '';
+  }
+
+  extractBuiltinName(regexMatch) {
+    if (!regexMatch || regexMatch.length < 2) return null;
+    const candidate = regexMatch[1];
+    return this.builtinErrorNames.includes(candidate) ? candidate : null;
+  }
+
+  getViolationType(pattern, line) {
+    if (pattern.source.includes('new\\s+(')) {
+      return 'generic_system_error_constructor';
+    } else if (pattern.source.includes('\\s+(') && pattern.source.includes('\\(')) {
+      return 'generic_system_error_call';
+    } else if (pattern.source.includes('Promise\\.reject')) {
+      return 'promise_reject_generic_error';
+    } else if (pattern.source.includes('reject\\s*\\(')) {
+      return 'reject_generic_error';
+    } else if (pattern.source.includes('`[^`]*`')) {
+      return 'throw_template_literal';
+    } else if (pattern.source.includes("['\"")) {
+      return 'throw_string_literal';
+    } else if (pattern.source.includes('\\d+')) {
+      return 'throw_number';
+    } else if (pattern.source.includes('[a-zA-Z_$]')) {
+      return 'throw_variable';
+    }
+    return 'generic_system_error_usage';
+  }
+
+  getMessage(violationType) {
+    const messages = {
+      'generic_system_error_constructor': 'Use custom error classes instead of generic system error constructors',
+      'generic_system_error_call': 'Use custom error classes instead of generic system error calls',
+      'promise_reject_generic_error': 'Use custom error classes instead of rejecting with generic errors',
+      'reject_generic_error': 'Use custom error classes instead of rejecting with generic errors',
+      'throw_string_literal': 'Use custom error classes instead of throwing string literals',
+      'throw_template_literal': 'Use custom error classes instead of throwing template literals',
+      'throw_number': 'Use custom error classes instead of throwing numbers',
+      'throw_variable': 'Use custom error classes instead of throwing variables',
+      'generic_system_error_usage': 'Use custom error classes instead of generic system errors'
+    };
+    return messages[violationType] || messages['generic_system_error_usage'];
+  }
+
+  getSuggestion(builtInName, violationType) {
+    if (builtInName) {
+      return `Define and throw a custom error class (e.g., DomainError extends Error) instead of ${builtInName}`;
+    }
+    
+    const suggestions = {
+      'throw_string_literal': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of throwing string literals',
+      'throw_template_literal': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of throwing template literals',
+      'throw_number': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of throwing numbers',
+      'throw_variable': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of throwing variables',
+      'promise_reject_generic_error': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of rejecting with generic errors',
+      'reject_generic_error': 'Define and throw a custom error class (e.g., DomainError extends Error) instead of rejecting with generic errors'
+    };
+    
+    return suggestions[violationType] || 'Define and throw a custom error class (e.g., DomainError extends Error)';
+  }
+}
+
+module.exports = new C030UseCustomErrorClassesAnalyzer();
+
+

package/rules/common/C035_error_logging_context/analyzer.js

@@ -171,7 +171,9 @@ class C035Analyzer {
       }
     }
     
-    console.log(`🔧 [C035] No analysis methods succeeded, returning empty`);
+    if (options?.verbose) {
+      console.log(`🔧 [C035] No analysis methods succeeded, returning empty`);
+    }
     return [];
   }
 

package/rules/common/C048_no_bypass_architectural_layers/analyzer.js

@@ -0,0 +1,180 @@
+/**
+ * C048 Main Analyzer - Do not bypass architectural layers (controller/service/repository)
+ * Primary: Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.
+ * Fallback: Regex-based for all other cases
+ */
+
+const C048SymbolBasedAnalyzer = require('./symbol-based-analyzer');
+
+class C048Analyzer {
+  constructor(options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C048] Constructor called with options:`, !!options);
+      console.log(`🔧 [C048] Options type:`, typeof options, Object.keys(options || {}));
+    }
+
+    this.ruleId = 'C048';
+    this.ruleName = 'Do not bypass architectural layers (controller/service/repository)';
+    this.description = 'Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.';
+    this.semanticEngine = options.semanticEngine || null;
+    this.verbose = options.verbose || false;
+
+    // Configuration
+    this.config = {
+      useSymbolBased: true,      // Primary approach
+      fallbackToRegex: false,     // Only when symbol fails completely
+      symbolBasedOnly: false     // Can be set to true for pure mode
+    };
+
+    // Initialize both analyzers
+    try {
+      this.symbolAnalyzer = new C048SymbolBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C048] Symbol analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C048] Error creating symbol analyzer:`, error);
+    }
+  }
+
+  /**
+   * Initialize with semantic engine
+   */
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    // Initialize both analyzers
+    await this.symbolAnalyzer.initialize(semanticEngine);
+
+    // Ensure verbose flag is propagated
+    this.symbolAnalyzer.verbose = this.verbose;
+
+    if (this.verbose) {
+      console.log(`🔧 [C048 Hybrid] Analyzer initialized - verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C048] analyze() method called with ${files.length} files, language: ${language}`);
+    }
+
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C048] Processing file: ${filePath}`);
+        }
+
+        const fileViolations = await this.analyzeFile(filePath, options);
+        violations.push(...fileViolations);
+
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C048] File ${filePath}: Found ${fileViolations.length} violations`);
+        }
+      } catch (error) {
+        console.warn(`❌ [C048] Analysis failed for ${filePath}:`, error.message);
+      }
+    }
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C048] Total violations found: ${violations.length}`);
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C048] analyzeFile() called for: ${filePath}`);
+    }
+
+    // 1. Try Symbol-based analysis first (primary)
+    if (this.config.useSymbolBased &&
+        this.semanticEngine?.project &&
+        this.semanticEngine?.initialized) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C048] Trying symbol-based analysis...`);
+        }
+        const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+        if (sourceFile) {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`🔧 [C048] Source file found, analyzing with symbol-based...`);
+          }
+          const violations = await this.symbolAnalyzer.analyzeFileWithSymbols(filePath, { ...options, verbose: options.verbose });
+
+          // Mark violations with analysis strategy
+          violations.forEach(v => v.analysisStrategy = 'symbol-based');
+
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`✅ [C048] Symbol-based analysis: ${violations.length} violations`);
+          }
+          return violations; // Return even if 0 violations - symbol analysis completed successfully
+        } else {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`⚠️ [C048] Source file not found in project`);
+          }
+        }
+      } catch (error) {
+        console.warn(`⚠️ [C048] Symbol analysis failed: ${error.message}`);
+        // Continue to fallback
+      }
+    } else {
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔄 [C048] Symbol analysis conditions check:`);
+        console.log(`  - useSymbolBased: ${this.config.useSymbolBased}`);
+        console.log(`  - semanticEngine: ${!!this.semanticEngine}`);
+        console.log(`  - semanticEngine.project: ${!!this.semanticEngine?.project}`);
+        console.log(`  - semanticEngine.initialized: ${this.semanticEngine?.initialized}`);
+        console.log(`🔄 [C048] Symbol analysis unavailable, using regex fallback`);
+      }
+    }
+
+    if (options?.verbose) {
+      console.log(`🔧 [C048] No analysis methods succeeded, returning empty`);
+    }
+    return [];
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    console.log(`🔧 [C048] analyzeFileBasic() called for: ${filePath}`);
+    console.log(`🔧 [C048] semanticEngine exists: ${!!this.semanticEngine}`);
+    console.log(`🔧 [C048] symbolAnalyzer exists: ${!!this.symbolAnalyzer}`);
+
+    try {
+      // Try symbol-based analysis first
+      if (this.semanticEngine?.isSymbolEngineReady?.() &&
+          this.semanticEngine.project) {
+
+        if (this.verbose) {
+          console.log(`🔍 [C048] Using symbol-based analysis for ${filePath}`);
+        }
+
+        const violations = await this.symbolAnalyzer.analyzeFileBasic(filePath, options);
+        return violations;
+      }
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`⚠️ [C048] Symbol analysis failed: ${error.message}`);
+      }
+    }
+  }
+
+  /**
+   * Methods for compatibility with different engine invocation patterns
+   */
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+
+  async analyzeWithSemantics(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+}
+
+module.exports = C048Analyzer;

package/rules/common/C048_no_bypass_architectural_layers/config.json

@@ -0,0 +1,50 @@
+{
+  "id": "C048",
+  "name": "C048_do_not_bypass_architectural_layers",
+  "category": "architecture",
+  "description": "C048 - Do not bypass architectural layers (controller/service/repository)",
+  "severity": "warning",
+  "enabled": true,
+  "semantic": {
+    "enabled": true,
+    "priority": "high",
+    "fallback": "heuristic"
+  },
+  "patterns": {
+    "include": [
+      "**/*.js",
+      "**/*.ts",
+      "**/*.jsx",
+      "**/*.tsx"
+    ],
+    "exclude": [
+      "**/*.test.*",
+      "**/*.spec.*",
+      "**/*.mock.*",
+      "**/test/**",
+      "**/tests/**",
+      "**/spec/**"
+    ]
+  },
+  "options": {
+    "strictMode": false,
+    "allowedDbMethods": [],
+    "repositoryPatterns": [
+      "*Repository*",
+      "*Repo*",
+      "*DAO*",
+      "*Store*"
+    ],
+    "servicePatterns": [
+      "*Service*",
+      "*UseCase*",
+      "*Handler*",
+      "*Manager*"
+    ],
+    "complexityThreshold": {
+      "methodLength": 200,
+      "cyclomaticComplexity": 5,
+      "nestedDepth": 3
+    }
+  }
+}