@sun-asterisk/sunlint 1.3.17 → 1.3.18

package/core/analysis-orchestrator.js

@@ -547,9 +547,17 @@ class AnalysisOrchestrator {
     for (const engineResult of engineResults) {
       uniqueEngines.add(engineResult.engine);
       
-      // Add engine-specific results
-      if (engineResult.results) {
-        mergedResults.results.push(...engineResult.results);
+      // Add engine-specific results with validation
+      if (engineResult.results && Array.isArray(engineResult.results)) {
+        // Filter out invalid entries (non-objects or config objects)
+        const validResults = engineResult.results.filter(result => {
+          if (!result || typeof result !== 'object') return false;
+          // Skip objects that look like metadata/config
+          if (result.semanticEngine || result.project || result._context) return false;
+          // Must have either file/filePath or be a valid result object
+          return result.file || result.filePath || result.violations || result.messages;
+        });
+        mergedResults.results.push(...validResults);
       }
       
       // Track engine statistics

package/core/output-service.js

@@ -28,9 +28,9 @@ class OutputService {
     try {
       const packageJsonPath = path.join(__dirname, '..', 'package.json');
       const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
-      return packageJson.version || '1.3.16';
+      return packageJson.version || '1.3.18';
     } catch (error) {
-      return '1.3.16'; // Fallback version
+      return '1.3.18'; // Fallback version
     }
   }
 
@@ -140,6 +140,17 @@ class OutputService {
     const allViolations = [];
     let totalFiles = results.filesAnalyzed || results.summary?.totalFiles || results.totalFiles || results.fileCount || 0;
 
+    // Helper function to validate violation object
+    const isValidViolation = (violation) => {
+      if (!violation || typeof violation !== 'object') return false;
+      // Skip config/metadata objects (have nested objects like semanticEngine, project, etc.)
+      if (violation.semanticEngine || violation.project || violation._context) return false;
+      // Must have ruleId as string
+      const ruleId = violation.ruleId || violation.rule;
+      if (!ruleId || typeof ruleId !== 'string') return false;
+      return true;
+    };
+
     // Collect all violations - handle both file-based and rule-based results
     if (results.results) {
       results.results.forEach(result => {
@@ -147,16 +158,20 @@ class OutputService {
           // Handle rule-based format (MultiRuleRunner)
           if (result.ruleId) {
             result.violations.forEach(violation => {
-              allViolations.push(violation); // violation already has file path
+              if (isValidViolation(violation)) {
+                allViolations.push(violation); // violation already has file path
+              }
             });
           } 
           // Handle file-based format (legacy)
           else {
             result.violations.forEach(violation => {
-              allViolations.push({
-                ...violation,
-                file: result.filePath || result.file // Use filePath first, then file
-              });
+              if (isValidViolation(violation)) {
+                allViolations.push({
+                  ...violation,
+                  file: result.filePath || result.file // Use filePath first, then file
+                });
+              }
             });
           }
         }
@@ -164,7 +179,7 @@ class OutputService {
         // Handle ESLint format (messages array)
         if (result.messages) {
           result.messages.forEach(message => {
-            allViolations.push({
+            const violation = {
               file: result.filePath || message.file,
               ruleId: message.ruleId,
               severity: message.severity === 2 ? 'error' : 'warning',
@@ -172,7 +187,10 @@ class OutputService {
               line: message.line,
               column: message.column,
               source: message.source || 'eslint'
-            });
+            };
+            if (isValidViolation(violation)) {
+              allViolations.push(violation);
+            }
           });
         }
       });

package/core/summary-report-service.js

@@ -23,9 +23,9 @@ class SummaryReportService {
     try {
       const packageJsonPath = path.join(__dirname, '..', 'package.json');
       const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
-      return packageJson.version || '1.3.16';
+      return packageJson.version || '1.3.18';
     } catch (error) {
-      return '1.3.16'; // Fallback version
+      return '1.3.18'; // Fallback version
     }
   }
 
@@ -198,7 +198,25 @@ class SummaryReportService {
     // Count violations by rule
     const violationsByRule = {};
     violations.forEach(violation => {
-      const ruleId = violation.ruleId || 'unknown';
+      // Validate that this is actually a violation object (not metadata/config)
+      // A valid violation should have ruleId/rule as string and message
+      if (!violation || typeof violation !== 'object') {
+        return; // Skip non-objects
+      }
+      
+      // Skip objects that look like metadata/config (have nested objects like semanticEngine, project, etc.)
+      if (violation.semanticEngine || violation.project || violation.options) {
+        return; // Skip config objects
+      }
+      
+      // Get ruleId from various possible fields
+      const ruleId = violation.ruleId || violation.rule || 'unknown';
+      
+      // Ensure ruleId is a string (not an object)
+      if (typeof ruleId !== 'string') {
+        return; // Skip invalid ruleId
+      }
+      
       if (!violationsByRule[ruleId]) {
         violationsByRule[ruleId] = {
           rule_code: ruleId,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.17",
+  "version": "1.3.18",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C047_no_duplicate_retry_logic/analyzer.js

@@ -47,7 +47,9 @@ class C047Analyzer {
 
   async analyze(files, language, options = {}) {
     const violations = [];
+    this.retryPatterns = []; // ✅ Reset once for entire analysis, not per file
     
+    // Phase 1: Collect all retry patterns from all files
     for (const filePath of files) {
       if (options.verbose) {
         console.log(`🔍 Running C047 analysis on ${require('path').basename(filePath)}`);
@@ -55,41 +57,65 @@ class C047Analyzer {
       
       try {
         const content = require('fs').readFileSync(filePath, 'utf8');
-        this.retryPatterns = []; // Reset for each file
-        const fileViolations = this.analyzeFile(content, filePath);
-        violations.push(...fileViolations);
+        this.collectRetryPatterns(content, filePath);
       } catch (error) {
         console.warn(`⚠️ Failed to analyze ${filePath}: ${error.message}`);
       }
     }
     
+    // ✅ Safety check: If no valid retry patterns found, return empty (no violations)
+    if (this.retryPatterns.length === 0) {
+      if (options.verbose) {
+        console.log('🔍 [C047] No retry patterns found - skipping');
+      }
+      return violations;
+    }
+    
+    if (options.verbose) {
+      console.log(`🔍 [C047] Found ${this.retryPatterns.length} retry patterns:`);
+      this.retryPatterns.forEach((p, i) => {
+        console.log(`  [${i}] ${p.filePath}:${p.line} - type: ${p.type}`);
+      });
+    }
+    
+    // Phase 2: Detect duplicates across all collected patterns
+    const duplicateGroups = this.enhancedDuplicateDetection();
+    
+    // ✅ Safety check: If no duplicate groups found, return empty (no violations)
+    if (duplicateGroups.length === 0) {
+      return violations;
+    }
+    
+    // Phase 3: Generate violations for each file
+    for (const filePath of files) {
+      try {
+        const fileViolations = this.generateViolationsForFile(duplicateGroups, filePath);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`⚠️ Failed to generate violations for ${filePath}: ${error.message}`);
+      }
+    }
+    
     return violations;
   }
-
-  analyzeFile(content, filePath) {
-    const violations = [];
+  
+  collectRetryPatterns(content, filePath) {
     const lines = content.split('\n');
-    
-    // Find all retry patterns in the file
     this.findRetryPatterns(lines, filePath);
     
     // Add architectural context to patterns
     this.retryPatterns.forEach(pattern => {
-      if (!pattern.context) {
-        const contextLines = lines.slice(Math.max(0, pattern.line - 10), pattern.line + 10);
+      if (!pattern.context && pattern.filePath === filePath) {
+        const lineIndex = pattern.line - 1;
+        const contextLines = lines.slice(Math.max(0, lineIndex - 10), lineIndex + 10);
         const contextContent = contextLines.join('\n');
         pattern.context = this.analyzeArchitecturalContext(filePath, contextContent);
       }
     });
-    
-    // Enhanced duplicate detection with architectural intelligence
-    const duplicateGroups = this.enhancedDuplicateDetection();
-    
-    // Generate violations with architectural context
-    const enhancedViolations = this.generateEnhancedViolations(duplicateGroups, filePath);
-    violations.push(...enhancedViolations);
-    
-    return violations;
+  }
+  
+  generateViolationsForFile(duplicateGroups, filePath) {
+    return this.generateEnhancedViolations(duplicateGroups, filePath);
   }
   
   findRetryPatterns(lines, filePath) {
@@ -114,7 +140,8 @@ class C047Analyzer {
           this.retryPatterns.push({
             ...pattern,
             line: i + 1,
-            column: line.indexOf(line.trim()) + 1
+            column: line.indexOf(line.trim()) + 1,
+            filePath: filePath  // ✅ Store file path with pattern
           });
         }
       }
@@ -132,12 +159,26 @@ class C047Analyzer {
           continue;
         }
         
+        // Skip if it's just a data field assignment (not retry logic)
+        // e.g., "retryAttempt: payment.retryCount || 0" in logging context
+        if (line.includes(':') && !line.includes('const') && !line.includes('let') && !line.includes('var')) {
+          // This is likely an object property, not a variable declaration
+          continue;
+        }
+        
+        // Skip if it's part of error logging object (common false positive)
+        if (contextText.includes('logger.error') || contextText.includes('console.error') || 
+            contextText.includes('log.error') || line.includes('error:') || line.includes('message:')) {
+          continue;
+        }
+        
         const pattern = this.extractRetryPattern(lines, i, 'variable');
         if (pattern) {
           this.retryPatterns.push({
             ...pattern,
             line: i + 1,
-            column: line.indexOf(line.trim()) + 1
+            column: line.indexOf(line.trim()) + 1,
+            filePath: filePath  // ✅ Store file path with pattern
           });
         }
       }
@@ -159,7 +200,8 @@ class C047Analyzer {
           this.retryPatterns.push({
             ...pattern,
             line: i + 1,
-            column: line.indexOf(line.trim()) + 1
+            column: line.indexOf(line.trim()) + 1,
+            filePath: filePath  // ✅ Store file path with pattern
           });
         }
       }
@@ -205,10 +247,20 @@ class C047Analyzer {
       return false;
     }
     
+    // ✅ Skip object properties (data fields) - not variable declarations
+    // Pattern: "propertyName: value," or "propertyName: value }" 
+    const trimmed = line.trim();
+    if (/^\w+\s*:\s*.+[,}]?\s*$/.test(trimmed) && 
+        !trimmed.startsWith('const') && 
+        !trimmed.startsWith('let') && 
+        !trimmed.startsWith('var')) {
+      return false;
+    }
+    
     // Check for variable declarations with retry-related names that involve logic
     const declarationPatterns = [
-      /(?:const|let|var)\s+.*(?:retry|attempt|tries|maxretries|maxattempts)/,
-      /(?:retry|attempt|tries|maxretries|maxattempts)\s*[:=]/
+      /(?:const|let|var)\s+.*(?:retry|attempt|tries|maxretries|maxattempts)/
+      // ✅ Removed the object property pattern that causes false positives
     ];
     
     // Only consider it a retry pattern if it has logical complexity
@@ -560,25 +612,29 @@ class C047Analyzer {
     };
   }
 
-  generateEnhancedViolations(duplicateGroups, filePath) {
+  generateEnhancedViolations(duplicateGroups, currentFilePath) {
     const violations = [];
     
     duplicateGroups.forEach(group => {
-      const firstPattern = group.patterns[0];
-      
-      violations.push({
-        file: filePath,
-        line: firstPattern.line,
-        column: firstPattern.column || 1,
-        message: `${group.legitimacy.reason} (${group.patterns.length} similar patterns found). Consider using a centralized retry utility.`,
-        severity: group.legitimacy.severity || 'warning',
-        ruleId: this.ruleId,
-        type: 'duplicate_retry_logic',
-        duplicateCount: group.patterns.length,
-        architecturalContext: {
-          layers: [...new Set(group.patterns.map(p => p.context?.layer))],
-          purposes: [...new Set(group.patterns.map(p => p.context?.purpose))],
-          confidence: group.legitimacy.confidence
+      // Create violations for each pattern in the group
+      group.patterns.forEach(pattern => {
+        // Only create violation for patterns in the current file being analyzed
+        if (pattern.filePath === currentFilePath) {
+          violations.push({
+            file: pattern.filePath || currentFilePath,
+            line: pattern.line,
+            column: pattern.column || 1,
+            message: `${group.legitimacy.reason} (${group.patterns.length} similar patterns found). Consider using a centralized retry utility.`,
+            severity: group.legitimacy.severity || 'warning',
+            ruleId: this.ruleId,
+            type: 'duplicate_retry_logic',
+            duplicateCount: group.patterns.length,
+            architecturalContext: {
+              layers: [...new Set(group.patterns.map(p => p.context?.layer))],
+              purposes: [...new Set(group.patterns.map(p => p.context?.purpose))],
+              confidence: group.legitimacy.confidence
+            }
+          });
         }
       });
     });

package/rules/common/C047_no_duplicate_retry_logic/symbol-analyzer-enhanced.js

@@ -600,6 +600,21 @@ class C047SymbolAnalyzerEnhanced {
         if (!catchClause) continue;
         
         const catchBlock = catchClause.getBlock();
+        const catchText = catchBlock.getText().toLowerCase();
+        
+        // ✅ STRICT VALIDATION: Must have retry indicators (maxRetries, attempts, delay, backoff)
+        const hasRetryIndicators = /(?:maxretries|maxattempts|attempt|retry|backoff|delay|timeout)/i.test(catchText);
+        if (!hasRetryIndicators) {
+          // Skip try-catch without retry logic (e.g., just logging errors)
+          continue;
+        }
+        
+        // ✅ Skip logging-only catch blocks (common false positive)
+        const isLoggingOnly = /(?:logger\.|console\.|log\.)(?:error|warn|info)/i.test(catchText) &&
+                             !hasRetryIndicators;
+        if (isLoggingOnly) {
+          continue;
+        }
         
         // Look for retry calls in catch block
         const callExpressions = catchBlock.getDescendantsOfKind(require('ts-morph').SyntaxKind.CallExpression);
@@ -615,8 +630,8 @@ class C047SymbolAnalyzerEnhanced {
             );
           }
           
-          // Pattern 2: Direct API retry
-          if (this.isApiCall(callText)) {
+          // Pattern 2: Direct API retry (ONLY if has retry indicators)
+          if (this.isApiCall(callText) && hasRetryIndicators) {
             return this.createRetryPattern(
               functionName, filePath, 'exception_api_retry',
               func.getStartLineNumber(), 'try-catch with API re-call'

package/docs/CONSTANTS-ARCHITECTURE.md

@@ -1,288 +0,0 @@
-# SunLint Constants Architecture
-
-## Overview
-
-SunLint now uses a centralized constants sub-package located at `core/constants/` to manage all constants and configuration values. This improves code organization, maintainability, and extensibility.
-
-## Structure
-
-```
-core/
-  constants/
-    categories.js    # Category-principle mappings and functions
-    defaults.js      # Default configurations and values  
-    engines.js       # Engine capabilities and configurations
-    rules.js         # Rule-related constants and utilities
-    index.js         # Barrel export for all constants
-```
-
-## Migration Guide
-
-### Before (Old approach)
-```javascript
-// Scattered constants across multiple files
-const { getValidCategories } = require('./core/category-constants');
-const defaultRules = ['C006', 'C019']; // Hardcoded in various files
-const SUPPORTED_ENGINES = { /* scattered */ };
-```
-
-### After (New centralized approach)
-```javascript
-// Option 1: Import specific module
-const { getValidCategories } = require('./core/constants/categories');
-const { getDefaultRuleSet } = require('./core/constants/defaults');
-const { SUPPORTED_ENGINES } = require('./core/constants/engines');
-
-// Option 2: Import from barrel export
-const { 
-  getValidCategories, 
-  getDefaultRuleSet, 
-  SUPPORTED_ENGINES 
-} = require('./core/constants');
-
-// Option 3: Import entire module
-const constants = require('./core/constants');
-const categories = constants.getValidCategories();
-```
-
-## Modules
-
-### 1. Categories (`core/constants/categories.js`)
-
-**Purpose**: Category-principle mappings, validation, and normalization.
-
-**Key Exports**:
-```javascript
-// Constants
-SUNLINT_PRINCIPLES       // Object with all principle constants
-CATEGORY_PRINCIPLE_MAP   // Category to principle mapping
-CATEGORY_DESCRIPTIONS    // Human-readable descriptions
-
-// Functions
-getValidCategories()     // Get all valid categories
-getCategoryPrinciples(category)  // Get principles for category
-isValidCategory(category)        // Validate category
-normalizeCategory(category)      // Normalize and validate
-getCategoryStats()              // Get statistics
-```
-
-**Example Usage**:
-```javascript
-const { getValidCategories, normalizeCategory } = require('./core/constants/categories');
-
-const validCategories = getValidCategories();
-// ['security', 'quality', 'performance', ...]
-
-const normalized = normalizeCategory('QUALITY');
-// 'quality'
-```
-
-### 2. Defaults (`core/constants/defaults.js`)
-
-**Purpose**: Default configurations, rule sets, and standard values.
-
-**Key Exports**:
-```javascript
-// Constants
-DEFAULT_RULE_SETS        // Predefined rule sets (MINIMAL, ESSENTIAL, etc.)
-DEFAULT_CONFIG          // Default configuration object
-DEFAULT_SEVERITIES      // Severity levels
-DEFAULT_TIMEOUTS        // Timeout configurations
-DEFAULT_LIMITS          // File size and processing limits
-
-// Functions
-getDefaultRuleSet(name)     // Get predefined rule set
-getDefaultConfig(overrides) // Get configuration with overrides
-getLanguageExtensions(lang) // Get file extensions for language
-isFileSizeValid(size)      // Check file size limits
-```
-
-**Example Usage**:
-```javascript
-const { getDefaultRuleSet, getDefaultConfig } = require('./core/constants/defaults');
-
-const essentialRules = getDefaultRuleSet('ESSENTIAL');
-// ['C001', 'C002', 'C003', ...]
-
-const config = getDefaultConfig({ verbose: true });
-// { verbose: true, useRegistry: true, ... }
-```
-
-### 3. Engines (`core/constants/engines.js`)
-
-**Purpose**: Engine capabilities, configurations, and language support.
-
-**Key Exports**:
-```javascript
-// Constants
-SUPPORTED_ENGINES       // Object with all supported engines
-ENGINE_CAPABILITIES     // Engine features and language support
-ENGINE_MODES           // Execution modes (sequential, parallel, etc.)
-ENGINE_PERFORMANCE     // Performance characteristics
-
-// Functions
-getEngineLanguages(engine)      // Get supported languages
-getEnginesForLanguage(language) // Get engines for language
-getRecommendedEngine(language)  // Get best engine for language
-isLanguageSupported(engine, lang) // Check support
-getEnginePerformance(engine)    // Get performance info
-```
-
-**Example Usage**:
-```javascript
-const { getEnginesForLanguage, getRecommendedEngine } = require('./core/constants/engines');
-
-const jsEngines = getEnginesForLanguage('javascript');
-// [{ name: 'heuristic', priority: 1, features: [...] }, ...]
-
-const recommended = getRecommendedEngine('typescript');
-// 'heuristic'
-```
-
-### 4. Rules (`core/constants/rules.js`)
-
-**Purpose**: Rule-related constants, metadata, and utilities.
-
-**Key Exports**:
-```javascript
-// Constants
-RULE_SEVERITIES         // Severity levels (ERROR, WARNING, etc.)
-RULE_STATUS            // Execution status values
-RULE_TYPES             // Analysis types (HEURISTIC, AST, etc.)
-RULE_SCOPES            // Operation scopes (FILE, PROJECT, etc.)
-RULE_LANGUAGE_PATTERNS // Regex patterns for rule IDs
-RULE_TIMEOUTS          // Timeout values by rule type
-
-// Functions
-getLanguageFromRuleId(ruleId)   // Extract language from rule ID
-isValidRuleId(ruleId)          // Validate rule ID format
-getRuleTimeout(type)           // Get timeout for rule type
-getDefaultRuleMetadata(overrides) // Get rule metadata template
-isValidSeverity(severity)      // Validate severity level
-```
-
-**Example Usage**:
-```javascript
-const { getLanguageFromRuleId, isValidRuleId } = require('./core/constants/rules');
-
-const language = getLanguageFromRuleId('C001');
-// 'common'
-
-const isValid = isValidRuleId('CUSTOM_RULE');
-// true
-```
-
-## Backward Compatibility
-
-The following files are maintained for backward compatibility but are deprecated:
-
-- `core/category-constants.js` - Proxies to `core/constants/categories.js`
-- `core/categories.js` - Proxies to `core/constants/categories.js`
-
-**Migration Path**:
-1. Update imports to use `core/constants/*` directly
-2. Replace deprecated file imports gradually
-3. Legacy files will be removed in future versions
-
-## Benefits
-
-### 1. **Better Organization**
-- Related constants grouped together
-- Clear separation of concerns
-- Easier to locate and modify constants
-
-### 2. **Improved Maintainability**
-- Single source of truth for each type of constant
-- Centralized documentation and examples
-- Easier to add new constants or modify existing ones
-
-### 3. **Enhanced Extensibility**
-- Modular structure supports new constant types
-- Barrel export provides flexible import options
-- Framework for adding new engines, rules, categories
-
-### 4. **Developer Experience**
-- Clearer imports with specific module names
-- Better IDE support and autocomplete
-- Self-documenting code structure
-
-## Best Practices
-
-### 1. **Import Strategy**
-```javascript
-// ✅ Good: Import specific functions
-const { getValidCategories, normalizeCategory } = require('./core/constants/categories');
-
-// ✅ Good: Import from barrel for multiple modules
-const { getValidCategories, getDefaultRuleSet } = require('./core/constants');
-
-// ❌ Avoid: Importing entire modules unnecessarily
-const allConstants = require('./core/constants');
-```
-
-### 2. **Adding New Constants**
-```javascript
-// Add to appropriate module (e.g., categories.js)
-const NEW_CATEGORY_FEATURE = 'new-feature';
-
-// Export in module
-module.exports = {
-  NEW_CATEGORY_FEATURE,
-  // ... other exports
-};
-
-// Update barrel export (index.js) if needed
-```
-
-### 3. **Extending Functionality**
-```javascript
-// Add utility functions to appropriate modules
-function getAdvancedCategoryInfo(category) {
-  // Implementation
-}
-
-// Export with other functions
-module.exports = {
-  // ... existing exports
-  getAdvancedCategoryInfo
-};
-```
-
-## Testing
-
-Each constants module includes comprehensive tests:
-
-```bash
-# Test entire constants structure
-node test-constants-structure.js
-
-# Test backward compatibility
-node test-centralized-categories.js
-```
-
-## Future Enhancements
-
-### Planned Features
-1. **Dynamic Configuration Loading** - Load constants from external files
-2. **Environment-specific Constants** - Different values for dev/prod
-3. **Validation Schemas** - JSON Schema validation for all constants
-4. **Hot Reloading** - Update constants without restarting
-
-### Extension Points
-- Add new constant modules (e.g., `integrations.js`, `plugins.js`)
-- Extend barrel export for new modules
-- Add validation functions for new constant types
-
----
-
-## Quick Reference
-
-| Module | Purpose | Key Functions |
-|--------|---------|---------------|
-| `categories.js` | Category management | `getValidCategories()`, `normalizeCategory()` |
-| `defaults.js` | Default values | `getDefaultConfig()`, `getDefaultRuleSet()` |
-| `engines.js` | Engine configuration | `getEnginesForLanguage()`, `getRecommendedEngine()` |
-| `rules.js` | Rule utilities | `getLanguageFromRuleId()`, `isValidRuleId()` |
-| `index.js` | Barrel export | All functions from all modules |
-
-For detailed API documentation, see the JSDoc comments in each module file.