@sun-asterisk/sunlint 1.3.11 → 1.3.12

package/CHANGELOG.md

@@ -18,12 +18,20 @@
 - **Bonus System**: Up to 10 points bonus for comprehensive rule coverage
 
 #### **Summary Report Generation** 📊
-- **NEW**: `--output-summary <file>` option for JSON summary reports
-- **Format**: CI/CD-ready JSON with quality score, violations, and metrics
-- **Git Integration**: Auto-detects repository URL, branch, and commit hash
-- **Environment Variables**: Supports GitHub Actions env vars (GITHUB_REPOSITORY, GITHUB_SHA, etc.)
+- **NEW**: `--output-summary <file>` option for API-compatible JSON summary reports
+- **Format**: Direct dashboard API compatibility - **no transformation needed!**
+- **Git Integration**: Auto-detects complete repository and commit information
+  - Repository: URL, name, project path (mono-repo support)
+  - Commit: hash, message, author name, author email
+  - PR tracking: Automatic PR number extraction from commit messages/branch names
+- **Environment Variables**: Full GitHub Actions support
+  - `GITHUB_REPOSITORY`, `GITHUB_REF_NAME`, `GITHUB_SHA`
+  - `GITHUB_EVENT_PATH` for commit details
+  - Automatic fallback to git commands if env vars unavailable
+- **Mono-Repo Support**: Automatic `project_path` detection for multi-project repositories
 - **Violation Summary**: Aggregated violations by rule with count and severity
 - **Metrics**: LOC, files analyzed, violations per KLOC, errors/warnings breakdown
+- **API-Ready**: Flat structure format ready for direct POST to dashboard APIs
 
 #### **New Services** 🛠️
 - **ScoringService**: Calculate quality scores with customizable weights

package/core/output-service.js

@@ -111,7 +111,7 @@ class OutputService {
         cwd: process.cwd(),
         filesAnalyzed: totalFiles,
         duration: metadata.duration,
-        version: metadata.version || '1.3.9'
+        version: metadata.version || '1.3.12'
       }
     );
 

package/core/summary-report-service.js

@@ -14,13 +14,19 @@ class SummaryReportService {
   /**
    * Get Git repository information
    * @param {string} cwd - Working directory
-   * @returns {Object} Git info including repository URL, branch, and commit hash
+   * @returns {Object} Git info including repository URL, branch, commit hash, and commit details
    */
   getGitInfo(cwd = process.cwd()) {
     const gitInfo = {
       repository_url: null,
+      repository_name: null,
+      project_path: null,
       branch: null,
-      commit_hash: null
+      commit_hash: null,
+      commit_message: null,
+      author_email: null,
+      author_name: null,
+      pr_number: null
     };
 
     try {
@@ -39,6 +45,12 @@ class SummaryReportService {
         } else {
           gitInfo.repository_url = remoteUrl.replace('.git', '');
         }
+
+        // Extract repository name from URL
+        const urlMatch = gitInfo.repository_url.match(/\/([^\/]+)$/);
+        if (urlMatch) {
+          gitInfo.repository_name = urlMatch[1];
+        }
       } catch (error) {
         // No remote configured
       }
@@ -56,6 +68,55 @@ class SummaryReportService {
       } catch (error) {
         // Can't get commit hash
       }
+
+      // Get commit message
+      try {
+        gitInfo.commit_message = execSync('git log -1 --pretty=%B', { cwd, encoding: 'utf8' }).trim();
+      } catch (error) {
+        // Can't get commit message
+      }
+
+      // Get author email
+      try {
+        gitInfo.author_email = execSync('git log -1 --pretty=%ae', { cwd, encoding: 'utf8' }).trim();
+      } catch (error) {
+        // Can't get author email
+      }
+
+      // Get author name
+      try {
+        gitInfo.author_name = execSync('git log -1 --pretty=%an', { cwd, encoding: 'utf8' }).trim();
+      } catch (error) {
+        // Can't get author name
+      }
+
+      // Get project path (relative to repo root for mono-repo)
+      try {
+        const repoRoot = execSync('git rev-parse --show-toplevel', { cwd, encoding: 'utf8' }).trim();
+        if (cwd !== repoRoot) {
+          gitInfo.project_path = path.relative(repoRoot, cwd);
+        }
+      } catch (error) {
+        // Can't determine project path
+      }
+
+      // Try to extract PR number from commit message or branch name
+      try {
+        // Check commit message for PR patterns like "#123" or "pull request #123"
+        const commitMsg = gitInfo.commit_message || '';
+        const prMatch = commitMsg.match(/#(\d+)/);
+        if (prMatch) {
+          gitInfo.pr_number = parseInt(prMatch[1]);
+        } else {
+          // Check branch name for PR patterns
+          const branchMatch = gitInfo.branch.match(/(?:pr|pull)[/-]?(\d+)/i);
+          if (branchMatch) {
+            gitInfo.pr_number = parseInt(branchMatch[1]);
+          }
+        }
+      } catch (error) {
+        // Can't extract PR number
+      }
     } catch (error) {
       // Not a git repository - return nulls
     }
@@ -79,8 +140,42 @@ class SummaryReportService {
       ? `https://github.com/${process.env.GITHUB_REPOSITORY}`
       : gitInfo.repository_url;
     
+    const repository_name = process.env.GITHUB_REPOSITORY 
+      ? process.env.GITHUB_REPOSITORY.split('/')[1]
+      : (gitInfo.repository_name || null);
+    
     const branch = process.env.GITHUB_REF_NAME || gitInfo.branch;
     const commit_hash = process.env.GITHUB_SHA || gitInfo.commit_hash;
+    
+    // Get commit details from GitHub context or git
+    const commit_message = process.env.GITHUB_EVENT_HEAD_COMMIT_MESSAGE 
+      || (process.env.GITHUB_EVENT_PATH 
+        ? this._getGitHubEventData('head_commit.message')
+        : null)
+      || gitInfo.commit_message;
+    
+    const author_email = process.env.GITHUB_EVENT_HEAD_COMMIT_AUTHOR_EMAIL
+      || (process.env.GITHUB_EVENT_PATH 
+        ? this._getGitHubEventData('head_commit.author.email')
+        : null)
+      || gitInfo.author_email;
+    
+    const author_name = process.env.GITHUB_EVENT_HEAD_COMMIT_AUTHOR_NAME
+      || (process.env.GITHUB_EVENT_PATH 
+        ? this._getGitHubEventData('head_commit.author.name')
+        : null)
+      || gitInfo.author_name;
+    
+    // Get PR number from GitHub event or git
+    let pr_number = null;
+    if (process.env.GITHUB_EVENT_PATH) {
+      pr_number = this._getGitHubEventData('pull_request.number') 
+        || this._getGitHubEventData('number');
+    }
+    pr_number = pr_number || gitInfo.pr_number;
+    
+    // Get project path (for mono-repo support)
+    const project_path = gitInfo.project_path;
 
     // Count violations by rule
     const violationsByRule = {};
@@ -100,42 +195,77 @@ class SummaryReportService {
     const violationsSummary = Object.values(violationsByRule)
       .sort((a, b) => b.count - a.count);
 
-    // Build the summary report
+    // Build the summary report compatible with coding-standards-report API
     const summaryReport = {
+      // API-compatible fields (flat structure)
+      repository_url,
+      repository_name,
+      project_path,
+      branch,
+      commit_hash,
+      commit_message,
+      author_email,
+      author_name,
+      pr_number,
+      score: scoringSummary.score,
+      total_violations: violations.length,
+      error_count: scoringSummary.metrics.errors,
+      warning_count: scoringSummary.metrics.warnings,
+      info_count: 0, // Reserved for future use
+      lines_of_code: scoringSummary.metrics.linesOfCode,
+      files_analyzed: options.filesAnalyzed || 0,
+      sunlint_version: options.version || '1.3.12',
+      analysis_duration_ms: options.duration || 0,
+      violations: violationsSummary,
+      
+      // Additional metadata for backwards compatibility
       metadata: {
         generated_at: new Date().toISOString(),
         tool: 'SunLint',
-        version: options.version || '1.3.9',
+        version: options.version || '1.3.12',
         analysis_duration_ms: options.duration || 0
       },
-      repository: {
-        repository_url,
-        branch,
-        commit_hash
-      },
       quality: {
         score: scoringSummary.score,
         grade: scoringSummary.grade,
         metrics: scoringSummary.metrics
-      },
-      violations: {
-        total: violations.length,
-        by_severity: {
-          errors: scoringSummary.metrics.errors,
-          warnings: scoringSummary.metrics.warnings
-        },
-        by_rule: violationsSummary
-      },
-      analysis: {
-        files_analyzed: options.filesAnalyzed || 0,
-        rules_checked: scoringSummary.metrics.rulesChecked,
-        lines_of_code: scoringSummary.metrics.linesOfCode
       }
     };
 
     return summaryReport;
   }
 
+  /**
+   * Helper method to extract data from GitHub event JSON
+   * @param {string} path - Dot-notation path to the data (e.g., 'head_commit.message')
+   * @returns {any} Extracted value or null
+   * @private
+   */
+  _getGitHubEventData(path) {
+    try {
+      const eventPath = process.env.GITHUB_EVENT_PATH;
+      if (!eventPath || !fs.existsSync(eventPath)) {
+        return null;
+      }
+      
+      const eventData = JSON.parse(fs.readFileSync(eventPath, 'utf8'));
+      const keys = path.split('.');
+      let value = eventData;
+      
+      for (const key of keys) {
+        if (value && typeof value === 'object' && key in value) {
+          value = value[key];
+        } else {
+          return null;
+        }
+      }
+      
+      return value;
+    } catch (error) {
+      return null;
+    }
+  }
+
   /**
    * Generate summary report and save to file
    * @param {Array} violations - Array of violations

package/docs/API_FORMAT_GUIDE.md

@@ -0,0 +1,370 @@
+# API-Compatible Summary Report Format
+
+## Overview
+
+SunLint v1.4.0+ generates summary reports in a format that's **directly compatible** with dashboard APIs, eliminating the need for manual transformation in CI/CD pipelines.
+
+## Output Format
+
+When using `--output-summary=<file>`, SunLint generates a JSON file with the following structure:
+
+```json
+{
+  "repository_url": "https://github.com/sun-asterisk/engineer-excellence",
+  "repository_name": "engineer-excellence",
+  "project_path": "coding-quality/extensions/sunlint",
+  "branch": "main",
+  "commit_hash": "abc123def456",
+  "commit_message": "Merge pull request #123\n\nFix: Update quality scoring",
+  "author_email": "user@example.com",
+  "author_name": "John Doe",
+  "pr_number": 123,
+  "score": 92.6,
+  "total_violations": 39,
+  "error_count": 0,
+  "warning_count": 39,
+  "info_count": 0,
+  "lines_of_code": 4954,
+  "files_analyzed": 22,
+  "sunlint_version": "1.3.9",
+  "analysis_duration_ms": 1464,
+  "violations": [
+    {
+      "rule_code": "C065",
+      "count": 39,
+      "severity": "warning"
+    }
+  ],
+  "metadata": {
+    "generated_at": "2025-10-09T06:59:57.680Z",
+    "tool": "SunLint",
+    "version": "1.3.9",
+    "analysis_duration_ms": 1464
+  },
+  "quality": {
+    "score": 92.6,
+    "grade": "A",
+    "metrics": {
+      "errors": 0,
+      "warnings": 39,
+      "rulesChecked": 1,
+      "linesOfCode": 4954,
+      "violationsPerKLOC": 7.9
+    }
+  }
+}
+```
+
+## Field Descriptions
+
+### Repository Information
+
+| Field | Type | Description | Source |
+|-------|------|-------------|--------|
+| `repository_url` | string | Full HTTPS URL to repository | Git remote or `GITHUB_REPOSITORY` env var |
+| `repository_name` | string | Repository name (without owner) | Extracted from URL or repo name |
+| `project_path` | string\|null | Relative path from repo root (for mono-repo) | Calculated from git root |
+| `branch` | string | Current branch name | Git or `GITHUB_REF_NAME` |
+| `commit_hash` | string | Full commit SHA | Git or `GITHUB_SHA` |
+| `commit_message` | string | Commit message (may include newlines) | Git log or GitHub event |
+| `author_email` | string | Commit author email | Git log or GitHub event |
+| `author_name` | string | Commit author name | Git log or GitHub event |
+| `pr_number` | number\|null | Pull request number (if applicable) | Extracted from commit message or branch name |
+
+### Quality Metrics
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `score` | number | Quality score (0-100) |
+| `total_violations` | number | Total number of violations found |
+| `error_count` | number | Number of error-level violations |
+| `warning_count` | number | Number of warning-level violations |
+| `info_count` | number | Number of info-level violations (reserved) |
+| `lines_of_code` | number | Total lines of code analyzed |
+| `files_analyzed` | number | Number of files analyzed |
+| `sunlint_version` | string | Version of SunLint used |
+| `analysis_duration_ms` | number | Time taken for analysis in milliseconds |
+
+### Violations Array
+
+Each violation object contains:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `rule_code` | string | Rule identifier (e.g., "C065") |
+| `count` | number | Number of times this rule was violated |
+| `severity` | string | Severity level ("error" or "warning") |
+
+## Auto-Detection Features
+
+### 1. Mono-Repo Support
+
+**Automatic `project_path` Detection:**
+- If running from repo root → `project_path: null`
+- If running from subdirectory → `project_path: "relative/path/from/root"`
+
+**Example Mono-Repo Structure:**
+```
+my-monorepo/
+├── project-a/
+│   └── src/
+├── project-b/
+│   └── src/
+└── shared/
+```
+
+Running from `my-monorepo/project-a/`:
+```json
+{
+  "project_path": "project-a",
+  "repository_name": "my-monorepo"
+}
+```
+
+### 2. PR Number Extraction
+
+SunLint automatically extracts PR numbers from:
+
+**Commit Messages:**
+- `"Merge pull request #123"` → `pr_number: 123`
+- `"Fix #456: Update scoring"` → `pr_number: 456`
+- `"Closes #789"` → `pr_number: 789`
+
+**Branch Names:**
+- `"pr-123"` → `pr_number: 123`
+- `"pull/456"` → `pr_number: 456`
+- `"PR-789-feature"` → `pr_number: 789`
+
+### 3. Environment Variable Priority
+
+CI/CD environment variables take precedence over git commands:
+
+```javascript
+// Priority order:
+1. GITHUB_REPOSITORY → repository_url
+2. GITHUB_REF_NAME → branch
+3. GITHUB_SHA → commit_hash
+4. GITHUB_EVENT_PATH (JSON) → commit details
+5. Git commands → fallback for all fields
+```
+
+## Usage in CI/CD
+
+### Before v1.4.0 (Manual Transformation Required)
+
+```yaml
+- name: Generate Report
+  run: sunlint --all --output-summary=report.json
+
+- name: Transform for API
+  run: |
+    jq -n \
+      --arg repo_url "${{ github.repository }}" \
+      --arg commit "${{ github.sha }}" \
+      --argjson report "$(cat report.json)" \
+      '{
+        repository_url: $repo_url,
+        commit_hash: $commit,
+        score: $report.quality.score,
+        total_violations: $report.violations.total,
+        # ... manual mapping for 15+ fields
+      }' > api-payload.json
+```
+
+### v1.4.0+ (Direct Use - No Transformation!)
+
+```yaml
+- name: Generate Report
+  run: sunlint --all --output-summary=report.json
+
+- name: Upload to Dashboard
+  run: |
+    curl -X POST https://dashboard.example.com/api/reports \
+      -H "Content-Type: application/json" \
+      -H "Authorization: Bearer ${{ secrets.API_TOKEN }}" \
+      -d @report.json
+```
+
+**That's it!** No `jq` transformation needed. 🎉
+
+## GitHub Actions Integration
+
+### Full Example
+
+```yaml
+name: Code Quality Check
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Full history for git info
+      
+      - name: Run SunLint
+        run: |
+          npx @sun-asterisk/sunlint \
+            --input=src \
+            --all \
+            --output-summary=quality-report.json
+        # Environment variables are automatically available
+        # No need to set them manually!
+      
+      - name: Upload to Dashboard
+        run: |
+          curl -X POST ${{ secrets.DASHBOARD_URL }}/api/reports \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${{ secrets.DASHBOARD_TOKEN }}" \
+            -d @quality-report.json
+```
+
+### Available GitHub Actions Environment Variables
+
+These are **automatically** available and used by SunLint:
+
+```yaml
+# Automatically set by GitHub Actions:
+GITHUB_REPOSITORY: "owner/repo"
+GITHUB_REF_NAME: "main"
+GITHUB_SHA: "abc123..."
+GITHUB_EVENT_PATH: "/github/workflow/event.json"
+
+# From event.json:
+- head_commit.message
+- head_commit.author.email
+- head_commit.author.name
+- pull_request.number (for PR events)
+```
+
+## Local Development
+
+When running locally (not in CI/CD), SunLint uses git commands:
+
+```bash
+# Local run - auto-detects from git
+sunlint --input=src --all --output-summary=local-report.json
+
+# Result uses local git information:
+{
+  "repository_url": "https://github.com/owner/repo",  # from git remote
+  "branch": "feature/my-branch",                      # from git branch
+  "commit_hash": "def456...",                         # from git log
+  "commit_message": "WIP: My feature",                # from git log
+  "author_email": "me@example.com",                   # from git config
+  "author_name": "My Name",                           # from git config
+  "pr_number": null                                   # no PR locally
+}
+```
+
+## Compatibility
+
+### Dashboard API Requirements
+
+The output format is compatible with APIs expecting:
+
+✅ Flat structure (no nested objects for main fields)  
+✅ Repository metadata (URL, name, path, branch, commit)  
+✅ Commit details (message, author email, author name)  
+✅ PR tracking (PR number)  
+✅ Quality metrics (score, violations, LOC)  
+✅ Violations summary (grouped by rule)
+
+### Backwards Compatibility
+
+Additional nested objects are included for backwards compatibility:
+
+```json
+{
+  // API-compatible flat fields
+  "score": 92.6,
+  "total_violations": 39,
+  
+  // Legacy nested structure (for backwards compatibility)
+  "metadata": { ... },
+  "quality": { ... }
+}
+```
+
+## Troubleshooting
+
+### Missing Git Information
+
+**Problem**: Some fields are `null` in the output
+
+**Solution**: Ensure you're running from a git repository with commits
+
+```bash
+# Check git status
+git status
+
+# Verify remote is configured
+git remote -v
+
+# Ensure commits exist
+git log -1
+```
+
+### Incorrect project_path
+
+**Problem**: `project_path` is not null when it should be
+
+**Solution**: Run SunLint from the repository root:
+
+```bash
+cd /path/to/repo-root
+sunlint --input=. --all --output-summary=report.json
+```
+
+### PR Number Not Detected
+
+**Problem**: `pr_number` is `null` in PR builds
+
+**Solution**: 
+
+1. For GitHub Actions PR events, use `pull_request` trigger
+2. Ensure commit message includes PR reference (e.g., "#123")
+3. Use PR branch naming convention (e.g., "pr-123" or "pull/123")
+
+```yaml
+on:
+  pull_request:  # This sets pull_request.number in event.json
+    branches: [ main ]
+```
+
+## Migration Guide
+
+### From Manual Transformation to Direct API Upload
+
+**Before:**
+```yaml
+- run: sunlint --all --output-summary=sunlint-report.json
+- run: |
+    # 30+ lines of jq transformation
+    jq -n --arg repo ... > api-payload.json
+- run: curl -X POST ... -d @api-payload.json
+```
+
+**After:**
+```yaml
+- run: sunlint --all --output-summary=sunlint-report.json
+- run: curl -X POST ... -d @sunlint-report.json
+```
+
+**Benefits:**
+- ✅ **Simpler**: 3 lines instead of 30+
+- ✅ **Faster**: No jq processing overhead
+- ✅ **More reliable**: No transformation errors
+- ✅ **Maintainable**: SunLint handles format updates
+
+## See Also
+
+- [Quality Scoring Guide](QUALITY_SCORING_GUIDE.md)
+- [CI/CD Integration Guide](CI-CD-GUIDE.md)
+- [Configuration Guide](CONFIGURATION.md)

package/docs/QUALITY_SCORING_GUIDE.md

@@ -152,13 +152,25 @@ jobs:
 
 The summary report automatically detects and uses Git information from environment variables (commonly available in CI/CD):
 
-| Variable | Description | Source |
-|----------|-------------|--------|
-| `GITHUB_REPOSITORY` | Repository name (e.g., `owner/repo`) | GitHub Actions |
-| `GITHUB_REF_NAME` | Branch or tag name | GitHub Actions |
-| `GITHUB_SHA` | Commit hash | GitHub Actions |
-
-If these variables are not available, the tool will automatically detect Git information from the local repository.
+| Variable | Description | Source | Fallback |
+|----------|-------------|--------|----------|
+| `GITHUB_REPOSITORY` | Repository name (e.g., `owner/repo`) | GitHub Actions | Git remote URL |
+| `GITHUB_REF_NAME` | Branch or tag name | GitHub Actions | `git rev-parse --abbrev-ref HEAD` |
+| `GITHUB_SHA` | Commit hash | GitHub Actions | `git rev-parse HEAD` |
+| `GITHUB_EVENT_PATH` | Path to event payload JSON | GitHub Actions | - |
+| `GITHUB_EVENT_HEAD_COMMIT_MESSAGE` | Commit message | GitHub Actions | `git log -1 --pretty=%B` |
+| `GITHUB_EVENT_HEAD_COMMIT_AUTHOR_EMAIL` | Author email | GitHub Actions | `git log -1 --pretty=%ae` |
+| `GITHUB_EVENT_HEAD_COMMIT_AUTHOR_NAME` | Author name | GitHub Actions | `git log -1 --pretty=%an` |
+
+**Additional Fields Auto-Detected:**
+- **`repository_name`**: Extracted from repository URL
+- **`project_path`**: Relative path from repo root (for mono-repo support)
+- **`commit_message`**: From git log or GitHub event
+- **`author_email`**: From git log or GitHub event
+- **`author_name`**: From git log or GitHub event
+- **`pr_number`**: Extracted from commit message (e.g., "#123") or branch name (e.g., "pr-123")
+
+If environment variables are not available, the tool will automatically detect all Git information from the local repository.
 
 ## CLI Options
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.11",
+  "version": "1.3.12",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C023_no_duplicate_variable/symbol-based-analyzer.js

@@ -66,8 +66,8 @@ class C023SymbolBasedAnalyzer {
     }
   }
 
-  checkScope(node, violations) {
-    const seen = new Map();
+  checkScope(node, violations, parentSeen = new Map()) {
+    const seen = new Map(parentSeen);
 
     node.forEachChild((child) => {
       switch (child.getKind()) {
@@ -83,56 +83,55 @@ class C023SymbolBasedAnalyzer {
         case SyntaxKind.ArrowFunction:
         case SyntaxKind.MethodDeclaration:
         case SyntaxKind.Constructor: { // ✅ also cover constructors
-          const func = child;
-          // Params
-          func.getParameters().forEach((p) =>
-            this.checkDuplicate(p, seen, violations)
+          const funcSeen = new Map();
+          child.getParameters().forEach((p) =>
+            this.checkDuplicate(p, funcSeen, violations)
           );
-          // Body as new scope
-          const body = func.getBody?.();
-          if (body) this.checkScope(body, violations);
+          const body = child.getBody && child.getBody();
+          if (body) this.checkScope(body, violations, funcSeen);
           break;
         }
 
         case SyntaxKind.Block: {
-          this.checkScope(child, violations);
+          this.checkScope(child, violations, new Map(seen));
           break;
         }
 
         case SyntaxKind.CatchClause: {
+          const catchSeen = new Map(seen);
           const catchVar = child.getVariableDeclaration();
           if (catchVar) {
-            // ✅ register catch param in scope
-            this.checkDuplicate(catchVar, seen, violations);
+            this.checkDuplicate(catchVar, catchSeen, violations);
           }
-          // Traverse catch block (same scope as catch param)
-          this.checkScope(child.getBlock(), violations);
+          this.checkScope(child.getBlock(), violations, catchSeen);
           break;
         }
 
         case SyntaxKind.ForStatement:
         case SyntaxKind.ForOfStatement:
         case SyntaxKind.ForInStatement: {
-          const initializer = child.getInitializer?.();
-          if (initializer) {
-            initializer.getDeclarations?.().forEach((decl) =>
-              this.checkDuplicate(decl, seen, violations)
+          const loopSeen = new Map(seen);
+          const initializer = child.getInitializer && child.getInitializer();
+          if (initializer && initializer.getDeclarations) {
+            initializer.getDeclarations().forEach((decl) =>
+              this.checkDuplicate(decl, loopSeen, violations)
             );
           }
-          const statement = child.getStatement?.();
-          if (statement) this.checkScope(statement, violations);
+          const statement = child.getStatement && child.getStatement();
+          if (statement) this.checkScope(statement, violations, loopSeen);
           break;
         }
 
         default: {
-          this.checkScope(child, violations);
+          this.checkScope(child, violations, seen);
         }
       }
     });
   }
 
   checkDuplicate(node, seen, violations) {
-    const name = node.getName?.();
+    const nameNode = node.getNameNode();
+    const name = nameNode.getText();
     if (!name) return;
     const filePath = node.getSourceFile().getFilePath();
 

package/docs/AI.md

@@ -1,163 +0,0 @@
-# 🤖 AI-Powered Analysis
-
-Sunlint supports AI-powered code analysis alongside traditional pattern-based analysis for more intelligent and context-aware rule checking.
-
-## Overview
-
-- **🎯 Smart Analysis**: Uses AI to understand code context and intent
-- **🔄 Fallback Strategy**: Automatically falls back to pattern analysis if AI fails
-- **⚡ Performance**: AI analysis runs per-file with caching support
-- **🔧 Configurable**: Multiple AI providers and models supported
-
-## Configuration
-
-### In `.sunlint.json`:
-
-```json
-{
-  "ai": {
-    "enabled": true,
-    "provider": "openai",
-    "model": "gpt-4o-mini",
-    "apiKey": "${OPENAI_API_KEY}",
-    "fallbackToPattern": true
-  }
-}
-```
-
-### Environment Variables:
-
-```bash
-export OPENAI_API_KEY="your-openai-api-key"
-```
-
-## Supported Providers
-
-### OpenAI
-- **Models**: `gpt-4`, `gpt-4o-mini`, `gpt-3.5-turbo`
-- **API Key**: Required via `OPENAI_API_KEY` environment variable
-- **Cost**: Pay-per-use based on OpenAI pricing
-
-### GitHub Copilot (Planned)
-- **Integration**: VS Code extension integration
-- **Models**: GitHub Copilot models
-- **Authentication**: VS Code Copilot session
-
-## AI-Enhanced Rules
-
-### C019 - Log Level Usage
-✅ **AI-Enabled**: Understands code context to determine appropriate log levels
-
-**AI Analysis Features:**
-- **Context Understanding**: Analyzes surrounding code to determine error criticality
-- **Intent Recognition**: Understands whether errors are expected or exceptional
-- **Semantic Analysis**: Goes beyond pattern matching to understand meaning
-
-**Example:**
-```typescript
-// AI understands this is a validation error, suggests warn level
-if (!user.email) {
-  console.error('Missing email'); // AI: Should use console.warn()
-}
-
-// AI understands this is a critical system error, keeps error level
-try {
-  await database.connect();
-} catch (error) {
-  console.error('Database connection failed:', error); // AI: Appropriate error level
-}
-```
-
-## Usage
-
-### CLI Commands
-
-**Enable AI for specific rule:**
-```bash
-sunlint --rule=C019 --input=src --ai
-```
-
-**Enable AI for all rules:**
-```bash
-sunlint --quality --input=src --ai
-```
-
-**Debug AI analysis:**
-```bash
-sunlint --rule=C019 --input=src --ai --verbose
-```
-
-### VS Code Integration
-
-1. **Debug Configuration**: Use "Debug Sunlint - AI Analysis"
-2. **Task**: Run "Sunlint: AI Analysis Test"
-3. **Set API Key**: Configure `OPENAI_API_KEY` in environment
-
-## Output Differences
-
-### Pattern Analysis Output:
-```
-WARNING: Error log level used for non-critical issue - should use warn/info level
-  at src/user.ts:15:5 (C019)
-```
-
-### AI Analysis Output:
-```
-WARNING: Email validation error should use console.warn() - this is user input validation, not a system error
-  at src/user.ts:15:5 (C019)
-  Suggestion: Change to console.warn('User email validation failed:', email)
-```
-
-## Performance Considerations
-
-- **Caching**: AI responses are cached per file content hash
-- **Concurrency**: AI calls are made concurrently with rate limiting
-- **Timeout**: 30-second timeout per AI request
-- **Cost**: Monitor API usage in OpenAI dashboard
-
-## Troubleshooting
-
-### Common Issues
-
-**API Key Not Found:**
-```bash
-⚠️  AI API key not found, falling back to pattern analysis
-```
-Solution: Set `OPENAI_API_KEY` environment variable
-
-**API Rate Limit:**
-```bash
-AI Analysis failed: OpenAI API error: 429 Too Many Requests
-```
-Solution: Reduce `maxConcurrentRules` in config or wait
-
-**Network Issues:**
-```bash
-AI Analysis failed: OpenAI API error: Network timeout
-```
-Solution: Check internet connection, increase `timeoutMs`
-
-### Debug AI Issues
-
-1. **Enable verbose mode**: `--verbose`
-2. **Check API key**: `echo $OPENAI_API_KEY`
-3. **Test connection**: Use debug configuration
-4. **Check API quota**: Visit OpenAI dashboard
-
-## Future Enhancements
-
-- **🔄 GitHub Copilot Integration**: Direct integration with VS Code Copilot
-- **📊 Custom Models**: Support for fine-tuned models
-- **🎯 Rule-Specific Prompts**: Specialized prompts per rule type
-- **💾 Smart Caching**: Semantic caching across similar code patterns
-- **📈 Analytics**: AI vs Pattern analysis effectiveness metrics
-
-## Cost Estimation
-
-**OpenAI API Costs** (approximate):
-- **gpt-4o-mini**: ~$0.001 per 1K tokens
-- **gpt-4**: ~$0.03 per 1K tokens
-- **Average file**: ~500 tokens
-- **1000 files with gpt-4o-mini**: ~$0.50
-
-**Recommendation**: Start with `gpt-4o-mini` for cost-effectiveness.