@sun-asterisk/sunlint 1.3.23 → 1.3.25

package/config/rules/enhanced-rules-registry.json

@@ -31,6 +31,38 @@
         "heuristic": ["rules/common/C019_log_level_usage/analyzer.js"]
       }
     },
+    "C020": {
+      "name": "Unused Imports",
+      "description": "Không import các module hoặc symbol không sử dụng",
+      "category": "code-quality",
+      "severity": "warning",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "./rules/common/C020_unused_imports/analyzer.js",
+      "config": "./rules/common/C020_unused_imports/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["imports", "cleanup", "unused-code"],
+      "engineMappings": {
+        "eslint": ["no-unused-vars", "@typescript-eslint/no-unused-vars"],
+        "heuristic": ["rules/common/C020_unused_imports/analyzer.js"]
+      }
+    },
+    "C021": {
+      "name": "Import Organization",
+      "description": "Tổ chức và sắp xếp imports theo nhóm và thứ tự alphabet",
+      "category": "code-quality",
+      "severity": "info",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "./rules/common/C021_import_organization/analyzer.js",
+      "config": "./rules/common/C021_import_organization/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["imports", "organization", "readability"],
+      "engineMappings": {
+        "eslint": ["import/order", "sort-imports"],
+        "heuristic": ["rules/common/C021_import_organization/analyzer.js"]
+      }
+    },
     "C006": {
       "name": "Function Naming Convention",
       "description": "Tên hàm phải là động từ/verb-noun pattern",

package/core/github-annotate-service.js

@@ -380,9 +380,6 @@ async function createReviewsInBatches(octokit, owner, repoName, prNumber, headSh
     const batch = batches[i];
     const isLastBatch = i === batches.length - 1;
 
-    // Only REQUEST_CHANGES on last batch if there are errors
-    const eventType = isLastBatch && hasError ? 'REQUEST_CHANGES' : 'COMMENT';
-
     try {
       const reviewRes = await withRetry(async () => {
         return await octokit.pulls.createReview({
@@ -390,7 +387,7 @@ async function createReviewsInBatches(octokit, owner, repoName, prNumber, headSh
           repo: repoName,
           pull_number: prNumber,
           commit_id: headSha,
-          event: eventType,
+          event: 'COMMENT',
           body: isLastBatch && batches.length > 1
             ? `SunLint found ${comments.length} issue(s) across multiple reviews.`
             : undefined,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.23",
+  "version": "1.3.25",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C010_limit_block_nesting/symbol-based-analyzer.js

@@ -17,6 +17,8 @@ class C010SymbolBasedAnalyzer {
     this.maxNestingLevel = 3;
     
     // Block statement kinds that count toward nesting (use ts-morph SyntaxKind)
+    // IMPORTANT: Only control flow statements that represent LOGICAL complexity
+    // Try/catch are error handling wrappers and should NOT count toward nesting
     this.blockStatementKinds = new Set([
       SyntaxKind.IfStatement,
       SyntaxKind.ForStatement,
@@ -24,10 +26,9 @@ class C010SymbolBasedAnalyzer {
       SyntaxKind.ForOfStatement,
       SyntaxKind.WhileStatement,
       SyntaxKind.DoStatement,
-      SyntaxKind.SwitchStatement,
-      SyntaxKind.TryStatement,
-      SyntaxKind.CatchClause,
-      SyntaxKind.Block
+      SyntaxKind.SwitchStatement
+      // Removed: TryStatement, CatchClause, Block
+      // Rationale: Error handling wrappers don't add logical complexity
     ]);
     
     // Statements that DON'T count toward nesting
@@ -44,6 +45,13 @@ class C010SymbolBasedAnalyzer {
       SyntaxKind.ObjectLiteralExpression,
       SyntaxKind.ArrayLiteralExpression
     ]);
+
+    // Error handling constructs that should be transparent (don't add or reset nesting)
+    this.errorHandlingKinds = new Set([
+      SyntaxKind.TryStatement,
+      SyntaxKind.CatchClause,
+      SyntaxKind.FinallyKeyword
+    ]);
   }
 
   async initialize(semanticEngine = null) {
@@ -137,22 +145,30 @@ class C010SymbolBasedAnalyzer {
         violations.push({
           ruleId: this.ruleId,
           severity: 'warning',
-          message: `Block nesting is too deep (level ${newDepth}). Maximum allowed is ${this.maxNestingLevel} levels.`,
+          message: `Block nesting depth ${newDepth} exceeds maximum of ${this.maxNestingLevel}. Consider refactoring to reduce complexity.`,
           filePath: filePath,
           line: lineAndChar.line + 1,
           column: lineAndChar.column + 1,
-          context: this.getNodeContext(node)
+          context: this.getNodeContext(node),
+          suggestion: this.getSuggestion(newDepth)
         });
       }
     }
     
     // Recursively analyze child nodes
     node.forEachChild(child => {
-      // Don't increase depth for function boundaries
+      const childKind = child.getKind();
+
+      // Reset depth for function boundaries
       if (this.isFunctionBoundary(child)) {
-        // Reset depth for function/method/class boundaries
         this.traverseNode(child, 0, violations, filePath);
-      } else {
+      }
+      // Keep same depth for error handling (transparent wrappers)
+      else if (this.errorHandlingKinds.has(childKind)) {
+        this.traverseNode(child, currentDepth, violations, filePath);
+      }
+      // Normal case: use new depth
+      else {
         this.traverseNode(child, newDepth, violations, filePath);
       }
     });
@@ -195,17 +211,30 @@ class C010SymbolBasedAnalyzer {
     const text = node.getText();
     const lines = text.split('\n');
     const firstLine = lines[0].trim();
-    
+
     // Return first line or statement type
     if (firstLine.length > 0) {
       return firstLine.length > 50 ? firstLine.substring(0, 47) + '...' : firstLine;
     }
-    
+
     // Fallback to node kind
     const kind = node.getKind();
     return SyntaxKind[kind] || 'Unknown';
   }
 
+  /**
+   * Get refactoring suggestion based on nesting depth
+   */
+  getSuggestion(depth) {
+    if (depth >= 6) {
+      return 'Critical: Extract nested logic into separate functions';
+    } else if (depth >= 5) {
+      return 'Use early returns, guard clauses, or extract methods';
+    } else {
+      return 'Consider using early returns or extracting to helper functions';
+    }
+  }
+
   /**
    * Get detailed information about nesting violation
    */

package/rules/common/C013_no_dead_code/symbol-based-analyzer.js

@@ -396,23 +396,30 @@ class C013SymbolBasedAnalyzer {
 
   detectUnusedVariables(sourceFile, filePath) {
     const violations = [];
-    
+
     // Get all variable declarations
     const variableDeclarations = sourceFile.getDescendantsOfKind(SyntaxKind.VariableDeclaration);
-    
+
     for (const declaration of variableDeclarations) {
       const name = declaration.getName();
-      
+
       // Skip variables with underscore prefix (conventional ignore)
       if (name.startsWith('_') || name.startsWith('$')) {
         continue;
       }
-      
+
       // Skip destructured variables for now (complex analysis)
       if (declaration.getNameNode().getKind() !== SyntaxKind.Identifier) {
         continue;
       }
-      
+
+      // Skip catch clause error variables (defensive programming pattern)
+      // Example: catch (error) { return false; } - error doesn't need to be used
+      // This aligns with C029 rule improvements
+      if (this.isInCatchClause(declaration)) {
+        continue;
+      }
+
       // Skip exported variables (they might be used externally)
       const variableStatement = declaration.getParent()?.getParent();
       if (variableStatement && variableStatement.getKind() === SyntaxKind.VariableStatement) {
@@ -420,17 +427,17 @@ class C013SymbolBasedAnalyzer {
           continue;
         }
       }
-      
+
       // Check if variable is used
       const usages = declaration.getNameNode().findReferences();
-      const isUsed = usages.some(ref => 
+      const isUsed = usages.some(ref =>
         ref.getReferences().length > 1 // More than just the declaration itself
       );
-      
+
       if (!isUsed) {
         const line = sourceFile.getLineAndColumnAtPos(declaration.getStart()).line;
         const column = sourceFile.getLineAndColumnAtPos(declaration.getStart()).column;
-        
+
         violations.push(this.createViolation(
           filePath,
           line,
@@ -440,10 +447,32 @@ class C013SymbolBasedAnalyzer {
         ));
       }
     }
-    
+
     return violations;
   }
 
+  /**
+   * Check if a node is within a catch clause
+   * Used to skip catch clause error variables from unused variable detection
+   */
+  isInCatchClause(node) {
+    let current = node.getParent();
+    while (current) {
+      if (current.getKind() === SyntaxKind.CatchClause) {
+        return true;
+      }
+      // Stop at function boundaries
+      if (current.getKind() === SyntaxKind.FunctionDeclaration ||
+          current.getKind() === SyntaxKind.FunctionExpression ||
+          current.getKind() === SyntaxKind.ArrowFunction ||
+          current.getKind() === SyntaxKind.MethodDeclaration) {
+        return false;
+      }
+      current = current.getParent();
+    }
+    return false;
+  }
+
   detectUnusedFunctions(sourceFile, filePath) {
     const violations = [];
     
@@ -493,58 +522,66 @@ class C013SymbolBasedAnalyzer {
 
   detectUnreachableCode(sourceFile, filePath) {
     const violations = [];
-    
-    // Find all return, throw, break, continue statements
+
+    // Find all return and throw statements (truly terminating)
+    // Note: Break and continue are NOT included - they only exit loops/switches,
+    // not the containing function block
     const terminatingStatements = [
       ...sourceFile.getDescendantsOfKind(SyntaxKind.ReturnStatement),
-      ...sourceFile.getDescendantsOfKind(SyntaxKind.ThrowStatement),
-      ...sourceFile.getDescendantsOfKind(SyntaxKind.BreakStatement),
-      ...sourceFile.getDescendantsOfKind(SyntaxKind.ContinueStatement)
+      ...sourceFile.getDescendantsOfKind(SyntaxKind.ThrowStatement)
+      // Removed: BreakStatement, ContinueStatement - these don't make code unreachable
+      // Example: switch(x) { case A: break; } const y = 1; // ← y is reachable!
     ];
-    
+
     for (const statement of terminatingStatements) {
       // Find the statement that contains this terminating statement
       let containingStatement = statement;
       let parent = statement.getParent();
-      
+
       // Walk up to find the statement that's directly in a block
       while (parent && parent.getKind() !== SyntaxKind.Block && parent.getKind() !== SyntaxKind.SourceFile) {
         containingStatement = parent;
         parent = parent.getParent();
       }
-      
+
       // Get the parent block
       const parentBlock = parent;
-      
+
       if (!parentBlock || parentBlock.getKind() === SyntaxKind.SourceFile) continue;
-      
+
+      // Check if this is in a conditional block (if/else/switch/loop)
+      // If yes, code after the conditional is still reachable
+      if (this.isInConditionalBlock(containingStatement)) {
+        continue;
+      }
+
       // Find all statements in the same block after this terminating statement
       const allStatements = parentBlock.getStatements();
       const currentIndex = allStatements.indexOf(containingStatement);
-      
+
       if (currentIndex >= 0 && currentIndex < allStatements.length - 1) {
         // Check statements after the terminating statement
         for (let i = currentIndex + 1; i < allStatements.length; i++) {
           const nextStatement = allStatements[i];
-          
+
           // Skip comments and empty statements
           if (nextStatement.getKind() === SyntaxKind.EmptyStatement) {
             continue;
           }
-          
+
           // Don't flag catch/finally blocks as unreachable
           if (this.isInTryCatchFinally(nextStatement)) {
             continue;
           }
-          
+
           // Skip if this is within a conditional (if/else) or loop that might not execute
           if (this.isConditionallyReachable(containingStatement, nextStatement)) {
             continue;
           }
-          
+
           const line = sourceFile.getLineAndColumnAtPos(nextStatement.getStart()).line;
           const column = sourceFile.getLineAndColumnAtPos(nextStatement.getStart()).column;
-          
+
           violations.push(this.createViolation(
             filePath,
             line,
@@ -552,15 +589,54 @@ class C013SymbolBasedAnalyzer {
             `Unreachable code detected after ${statement.getKindName().toLowerCase()}. Remove dead code.`,
             'unreachable-code'
           ));
-          
+
           break; // Only flag the first unreachable statement to avoid spam
         }
       }
     }
-    
+
     return violations;
   }
 
+  /**
+   * Check if a statement is within a conditional block (if/else/switch/loop)
+   * Code after such blocks is still reachable even if the block has return/throw
+   */
+  isInConditionalBlock(statement) {
+    let current = statement;
+
+    // Walk up the tree to check if we're inside conditional constructs
+    while (current) {
+      const kind = current.getKind();
+
+      // If we hit these, the code after the containing block is reachable
+      if (kind === SyntaxKind.IfStatement ||
+          kind === SyntaxKind.ElseKeyword ||
+          kind === SyntaxKind.SwitchStatement ||
+          kind === SyntaxKind.CaseClause ||
+          kind === SyntaxKind.DefaultClause ||
+          kind === SyntaxKind.ForStatement ||
+          kind === SyntaxKind.ForInStatement ||
+          kind === SyntaxKind.ForOfStatement ||
+          kind === SyntaxKind.WhileStatement ||
+          kind === SyntaxKind.DoStatement) {
+        return true;
+      }
+
+      // Stop at function boundaries
+      if (kind === SyntaxKind.FunctionDeclaration ||
+          kind === SyntaxKind.FunctionExpression ||
+          kind === SyntaxKind.ArrowFunction ||
+          kind === SyntaxKind.MethodDeclaration) {
+        return false;
+      }
+
+      current = current.getParent();
+    }
+
+    return false;
+  }
+
   isInTryCatchFinally(node) {
     // Check if the node is inside a try-catch-finally block
     let parent = node.getParent();

package/rules/common/C019_log_level_usage/analyzer.js

@@ -1,16 +1,16 @@
-const C019SystemLogAnalyzer = require('./system-log-analyzer.js');
+const C019TsMorphAnalyzer = require('./ts-morph-analyzer.js');
 const C019PatternAnalyzer = require('./pattern-analyzer.js');
 
 class C019Analyzer {
   constructor(semanticEngine = null) {
     this.ruleId = 'C019';
     this.ruleName = 'Log Level Usage';
-    this.description = 'Comprehensive logging analysis: levels, patterns, performance, and system requirements';
+    this.description = 'Detect inappropriate ERROR log level for business logic errors';
     this.semanticEngine = semanticEngine;
     this.verbose = false;
-    
-    // Initialize analyzers - consolidated architecture
-    this.systemAnalyzer = new C019SystemLogAnalyzer(semanticEngine);
+
+    // Initialize analyzers - ts-morph primary, pattern fallback
+    this.tsMorphAnalyzer = new C019TsMorphAnalyzer(semanticEngine);
     this.patternAnalyzer = new C019PatternAnalyzer();
     this.aiAnalyzer = null;
   }
@@ -20,53 +20,56 @@ class C019Analyzer {
       this.semanticEngine = semanticEngine;
     }
     this.verbose = semanticEngine?.verbose || false;
-    
-    await this.systemAnalyzer.initialize(semanticEngine);
+
+    await this.tsMorphAnalyzer.initialize(semanticEngine);
     await this.patternAnalyzer.initialize({ verbose: this.verbose });
   }
 
   async analyzeFileBasic(filePath, options = {}) {
     const allViolations = [];
-    
+
     try {
-      // Run comprehensive system-level analysis (Primary - AST)
+      // Use ts-morph analysis (Primary - AST) if semantic engine is available
       if (this.semanticEngine?.isSymbolEngineReady?.() && this.semanticEngine.project) {
         if (this.verbose) {
-          console.log(`[DEBUG] 🎯 C019: Using comprehensive system-level analysis for ${filePath.split('/').pop()}`);
+          console.log(`[DEBUG] 🎯 C019: Using ts-morph analysis for ${filePath.split('/').pop()}`);
         }
-        
+
         try {
-          const systemViolations = await this.systemAnalyzer.analyzeFileBasic(filePath, options);
-          allViolations.push(...systemViolations);
-          
+          const tsMorphViolations = await this.tsMorphAnalyzer.analyzeFile(filePath, options);
+          allViolations.push(...tsMorphViolations);
+
           if (this.verbose) {
-            console.log(`[DEBUG] 🎯 C019: System analysis found ${systemViolations.length} violations`);
+            console.log(`[DEBUG] 🎯 C019: ts-morph analysis found ${tsMorphViolations.length} violations`);
           }
-        } catch (systemError) {
+          
+          // Return ts-morph results (even if 0) - do NOT fall back to pattern analyzer
+          // Pattern analyzer has no catch block detection and will produce false positives
+          return this.deduplicateViolations(allViolations);
+          
+        } catch (tsMorphError) {
           if (this.verbose) {
-            console.warn(`[DEBUG] ⚠️ C019: System analysis failed: ${systemError.message}`);
+            console.warn(`[DEBUG] ⚠️ C019: ts-morph analysis failed: ${tsMorphError.message}`);
           }
-        }
-        
-        if (allViolations.length > 0) {
-          return this.deduplicateViolations(allViolations);
+          // Only fall through to pattern analyzer if ts-morph failed
         }
       }
-      
-      // Fall back to pattern-based analysis (Secondary - Regex)
+
+      // Fall back to pattern-based analysis (Secondary - Regex) 
+      // ONLY if semantic engine is not available or ts-morph failed
       if (this.verbose) {
         console.log(`[DEBUG] 🔄 C019: Running pattern-based analysis for ${filePath.split('/').pop()}`);
       }
-      
+
       const patternViolations = await this.patternAnalyzer.analyzeFileBasic(filePath, options);
       allViolations.push(...patternViolations);
-      
+
       if (this.verbose) {
         console.log(`[DEBUG] 🔄 C019: Pattern analysis found ${patternViolations.length} violations`);
       }
-      
+
       return this.deduplicateViolations(allViolations);
-      
+
     } catch (error) {
       if (this.verbose) {
         console.error(`[DEBUG] ❌ C019: Analysis failed: ${error.message}`);

package/rules/common/C019_log_level_usage/config.json

@@ -12,7 +12,7 @@
     "errorKeywords": [
       "not found",
       "invalid",
-      "unauthorized", 
+      "unauthorized",
       "forbidden",
       "validation failed",
       "bad request",
@@ -23,7 +23,9 @@
       "input error",
       "validation",
       "invalid input",
-      "missing parameter"
+      "missing parameter",
+      "exceed",
+      "limit"
     ],
     "legitimateErrorKeywords": [
       "exception",