@sun-asterisk/sunlint 1.3.25 → 1.3.27

package/config/rules/enhanced-rules-registry.json

@@ -496,16 +496,62 @@
       "tags": ["security", "idor", "access-control"]
     },
     "S003": {
-      "name": "No Unvalidated Redirect",
-      "description": "Prevent unvalidated redirects and forwards",
+      "name": "Open Redirect Protection",
+      "description": "URL redirects must validate against an allow list to prevent open redirect vulnerabilities",
       "category": "security",
       "severity": "error",
       "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s003",
+      "analyzer": "./rules/security/S003_open_redirect_protection/analyzer.js",
+      "config": "./rules/security/S003_open_redirect_protection/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["security", "owasp", "injection", "open-redirect", "phishing", "url-validation"],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": ["heuristic"],
+        "accuracy": {
+          "heuristic": 95
+        }
+      },
+      "engineMappings": {
+        "heuristic": ["rules/security/S003_open_redirect_protection/analyzer.js"]
+      },
+      "metadata": {
+        "owaspCategory": "A03:2021 - Injection",
+        "cweId": "CWE-601",
+        "frameworks": ["Express", "NestJS", "Next.js", "Nuxt.js", "Spring Boot"],
+        "detectionPatterns": 28,
+        "testCases": 118
+      }
+    },
+    "S004": {
+      "name": "Sensitive Data Logging Protection",
+      "description": "Prevent logging of sensitive information like passwords, tokens, and payment data without proper redaction",
+      "category": "security",
+      "severity": "warning",
+      "languages": ["typescript", "javascript"],
+      "analyzer": "./rules/security/S004_sensitive_data_logging/analyzer.js",
+      "config": "./rules/security/S004_sensitive_data_logging/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "redirect", "validation"]
+      "tags": ["security", "owasp", "logging", "sensitive-data", "pii", "credentials", "data-exposure"],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": ["heuristic"],
+        "accuracy": {
+          "heuristic": 90
+        }
+      },
+      "engineMappings": {
+        "heuristic": ["rules/security/S004_sensitive_data_logging/analyzer.js"]
+      },
+      "metadata": {
+        "owaspCategory": "A09:2021 - Security Logging and Monitoring Failures",
+        "cweId": "CWE-532",
+        "frameworks": ["Express", "NestJS", "Next.js", "Nuxt.js", "Spring Boot", "Winston", "Pino", "Bunyan"],
+        "detectionPatterns": 90,
+        "testCases": 45
+      }
     },
     "S005": {
       "name": "No Origin Header Authentication",
@@ -636,16 +682,34 @@
       "tags": ["security", "uuid", "random"]
     },
     "S012": {
-      "name": "No Hardcoded Secrets",
-      "description": "Prevent hardcoded secrets in source code",
+      "name": "Hardcoded Secrets Protection",
+      "description": "Detects hardcoded secrets, API keys, passwords, tokens, and credentials in source code to prevent accidental exposure through version control",
       "category": "security",
       "severity": "error",
       "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s012",
+      "analyzer": "./rules/security/S012_hardcoded_secrets/analyzer.js",
+      "config": "./rules/security/S012_hardcoded_secrets/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "secrets", "hardcoded"]
+      "tags": ["security", "owasp", "secrets", "credentials", "cryptographic-failures", "hardcoded-secrets", "api-keys", "passwords", "tokens"],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": ["heuristic"],
+        "accuracy": {
+          "heuristic": 92
+        }
+      },
+      "engineMappings": {
+        "heuristic": ["rules/security/S012_hardcoded_secrets/analyzer.js"]
+      },
+      "metadata": {
+        "owaspCategory": "A02:2021 - Cryptographic Failures",
+        "cweId": "CWE-798",
+        "frameworks": ["Node.js", "Express", "NestJS", "Next.js", "React", "Vue", "Angular"],
+        "secretTypes": ["API Keys", "Passwords", "Access Tokens", "Private Keys", "JWT Secrets", "Database Credentials", "OAuth Secrets", "AWS Keys", "GitHub Tokens", "Slack Tokens"],
+        "detectionPatterns": 50,
+        "testCases": 30
+      }
     },
     "S013": {
       "name": "Verify TLS Connection",
@@ -736,16 +800,34 @@
       "tags": ["security", "validation", "input"]
     },
     "S019": {
-      "name": "No Raw User Input in Email",
-      "description": "Prevent raw user input in email content",
+      "name": "SMTP Injection Protection",
+      "description": "Detects potential SMTP/IMAP injection vulnerabilities by identifying unsanitized user input in email fields and direct SMTP protocol manipulation",
       "category": "security",
       "severity": "error",
       "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s019",
+      "analyzer": "./rules/security/S019_smtp_injection_protection/analyzer.js",
+      "config": "./rules/security/S019_smtp_injection_protection/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "email", "injection"]
+      "tags": ["security", "owasp", "injection", "smtp", "email", "crlf"],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": ["heuristic"],
+        "accuracy": {
+          "heuristic": 90
+        }
+      },
+      "engineMappings": {
+        "heuristic": ["rules/security/S019_smtp_injection_protection/analyzer.js"]
+      },
+      "metadata": {
+        "owaspCategory": "A03:2021 - Injection",
+        "cweId": "CWE-93, CWE-144",
+        "frameworks": ["Node.js", "Express", "NestJS", "Next.js"],
+        "emailLibraries": ["nodemailer", "sendgrid", "mailgun", "aws-ses", "postmark"],
+        "detectionTypes": ["Unsanitized email fields", "SMTP command injection", "CRLF injection"],
+        "testCases": 40
+      }
     },
     "S020": {
       "name": "Avoid using eval() or executing dynamic code",
@@ -1156,7 +1238,8 @@
       "category": "security",
       "severity": "error",
       "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
+      "analyzer": "./rules/security/S042_require_re_authentication_for_long_lived/analyzer.js",
+      "config": "./rules/security/S042_require_re_authentication_for_long_lived/config.json",
       "eslintRule": "custom/typescript_s042",
       "version": "1.0.0",
       "status": "stable",

package/core/artifact-upload-service.js

@@ -0,0 +1,107 @@
+/**
+ * Artifact Upload Service
+ * Upload artifacts to GitHub Actions using @actions/artifact package
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Upload file as GitHub Actions artifact
+ * @param {string} filePath - Path to file to upload
+ * @param {Object} options - Upload options
+ * @param {string} options.artifactName - Name of artifact
+ * @param {number} options.retentionDays - Retention days (default: 30)
+ * @returns {Promise<Object>} Upload result
+ */
+async function uploadArtifact(filePath, options = {}) {
+  // Check if running in GitHub Actions
+  if (process.env.GITHUB_ACTIONS !== 'true') {
+    return {
+      success: false,
+      error: 'Not running in GitHub Actions environment'
+    };
+  }
+
+  // Validate file exists
+  if (!fs.existsSync(filePath)) {
+    return {
+      success: false,
+      error: `File not found: ${filePath}`
+    };
+  }
+
+  try {
+    // Dynamically import @actions/artifact
+    // Using dynamic import to avoid dependency issues when not in GitHub Actions
+    const { DefaultArtifactClient } = await import('@actions/artifact');
+    const artifact = new DefaultArtifactClient();
+
+    const artifactName = options.artifactName || path.basename(filePath);
+    const retentionDays = options.retentionDays || 30;
+
+    // Upload artifact
+    const uploadResult = await artifact.uploadArtifact(
+      artifactName,
+      [filePath],
+      path.dirname(filePath),
+      {
+        retentionDays: retentionDays
+      }
+    );
+
+    if (uploadResult.failedItems && uploadResult.failedItems.length > 0) {
+      return {
+        success: false,
+        error: `Failed to upload ${uploadResult.failedItems.length} item(s)`,
+        details: uploadResult
+      };
+    }
+
+    return {
+      success: true,
+      artifactName: artifactName,
+      size: uploadResult.size || fs.statSync(filePath).size,
+      id: uploadResult.id,
+      url: `https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`
+    };
+
+  } catch (error) {
+    // If @actions/artifact is not available, provide helpful message
+    if (error.code === 'MODULE_NOT_FOUND' || error.code === 'ERR_MODULE_NOT_FOUND') {
+      return {
+        success: false,
+        error: '@actions/artifact package not found. Install with: npm install @actions/artifact',
+        fallback: 'Use actions/upload-artifact@v4 in workflow instead'
+      };
+    }
+
+    return {
+      success: false,
+      error: error.message,
+      stack: error.stack
+    };
+  }
+}
+
+/**
+ * Check if artifact upload is available
+ * @returns {Promise<boolean>}
+ */
+async function isArtifactUploadAvailable() {
+  if (process.env.GITHUB_ACTIONS !== 'true') {
+    return false;
+  }
+
+  try {
+    await import('@actions/artifact');
+    return true;
+  } catch (error) {
+    return false;
+  }
+}
+
+module.exports = {
+  uploadArtifact,
+  isArtifactUploadAvailable
+};

package/core/cli-program.js

@@ -37,7 +37,7 @@ function createCliProgram() {
     .option('--output-summary <file>', 'Output summary report file path (JSON format for CI/CD)')
     .option('--upload-report [url]', 'Upload summary report to API endpoint after analysis (default: Sun* Coding Standards API)')
     .option('--config <file>', 'Configuration file path (default: auto-discover)')
-    .option('--github-annotate [mode]', 'Annotate GitHub PR: annotate (inline), summary (comment), all (both) - default: all');
+    .option('--github-annotate [mode]', 'Annotate GitHub PR with comments, summary & HTML report artifact (modes: annotate, summary, all)');
 
   // File targeting options
   program
@@ -136,11 +136,11 @@ CI/CD Integration:
   $ sunlint --all --output-summary=report.json --upload-report=https://custom-api.com/reports
 
 GitHub Actions Integration:
-  $ sunlint --all --input=src --github-annotate                       # Both inline + summary (default)
+  $ sunlint --all --input=src --github-annotate                       # Inline + summary + HTML artifact
   $ sunlint --all --input=src --github-annotate=annotate              # Inline comments only
-  $ sunlint --all --input=src --github-annotate=summary               # Summary comment only
-  $ sunlint --all --input=src --github-annotate=all                   # Both inline + summary
-  $ sunlint --all --changed-files --github-annotate                   # With changed files
+  $ sunlint --all --input=src --github-annotate=summary               # Summary comment + HTML artifact
+  $ sunlint --all --input=src --github-annotate=all                   # All features (default)
+  $ sunlint --all --changed-files --github-annotate                   # With changed files only
 
 ESLint Integration:
   $ sunlint --typescript --eslint-integration --input=src

package/core/github-annotate-service.js

@@ -915,19 +915,76 @@ async function postSummaryComment({
 
       // List top 10 files with most issues
       const sortedFiles = Object.entries(fileGroups)
-        .sort((a, b) => b[1].length - a[1].length)
-        .slice(0, 10);
+        .sort((a, b) => b[1].length - a[1].length);
 
-      for (const [file, fileViolations] of sortedFiles) {
+      const top10Files = sortedFiles.slice(0, 10);
+
+      for (const [file, fileViolations] of top10Files) {
         const fileErrors = fileViolations.filter(v => v.severity === 'error').length;
         const fileWarnings = fileViolations.filter(v => v.severity === 'warning').length;
         summary += `- \`${file}\`: ${fileErrors} error(s), ${fileWarnings} warning(s)\n`;
       }
 
-      if (Object.keys(fileGroups).length > 10) {
-        summary += `\n_... and ${Object.keys(fileGroups).length - 10} more file(s)_\n`;
+      // Add collapsible section with ALL files if more than 10
+      const totalFilesWithIssues = Object.keys(fileGroups).length;
+      if (totalFilesWithIssues > 10) {
+        summary += `\n<details>\n`;
+        summary += `<summary>📋 View all ${totalFilesWithIssues} files with issues</summary>\n\n`;
+        summary += `| File | Errors | Warnings | Total |\n`;
+        summary += `|------|--------|----------|-------|\n`;
+
+        for (const [file, fileViolations] of sortedFiles) {
+          const fileErrors = fileViolations.filter(v => v.severity === 'error').length;
+          const fileWarnings = fileViolations.filter(v => v.severity === 'warning').length;
+          const total = fileViolations.length;
+          summary += `| \`${file}\` | ${fileErrors} | ${fileWarnings} | ${total} |\n`;
+        }
+
+        summary += `\n</details>\n`;
+      }
+
+      // Add collapsible section with violations grouped by rule
+      summary += `\n<details>\n`;
+      summary += `<summary>🔍 View violations by rule</summary>\n\n`;
+
+      // Group violations by rule
+      const ruleGroups = {};
+      for (const v of violations) {
+        if (!ruleGroups[v.rule]) {
+          ruleGroups[v.rule] = [];
+        }
+        ruleGroups[v.rule].push(v);
       }
 
+      // Sort rules by count (descending)
+      const sortedRules = Object.entries(ruleGroups)
+        .sort((a, b) => b[1].length - a[1].length);
+
+      for (const [ruleId, ruleViolations] of sortedRules) {
+        const ruleErrors = ruleViolations.filter(v => v.severity === 'error').length;
+        const ruleWarnings = ruleViolations.filter(v => v.severity === 'warning').length;
+        const severityBadge = ruleErrors > 0 ? '🔴' : '🟡';
+
+        summary += `\n**${severityBadge} ${ruleId}** (${ruleViolations.length} violation${ruleViolations.length > 1 ? 's' : ''}`;
+        summary += ` - ${ruleErrors} error${ruleErrors !== 1 ? 's' : ''}, ${ruleWarnings} warning${ruleWarnings !== 1 ? 's' : ''})\n\n`;
+
+        // Show first 5 locations for this rule
+        const locationsToShow = ruleViolations.slice(0, 5);
+        for (const v of locationsToShow) {
+          summary += `- \`${v.file}:${v.line}\``;
+          if (v.message && v.message.length < 80) {
+            summary += ` - ${v.message}`;
+          }
+          summary += `\n`;
+        }
+
+        if (ruleViolations.length > 5) {
+          summary += `\n_... and ${ruleViolations.length - 5} more location(s)_\n`;
+        }
+      }
+
+      summary += `\n</details>\n`;
+
       summary += '\n⚠️ Please check the inline comments on your code for details.\n';
     }
 
@@ -937,7 +994,12 @@ async function postSummaryComment({
     // Add link to full report if available
     if (process.env.GITHUB_RUN_ID) {
       const runUrl = `https://github.com/${repo}/actions/runs/${process.env.GITHUB_RUN_ID}`;
-      summary += `[View full report](${runUrl})`;
+      summary += `[View workflow run](${runUrl})`;
+
+      // Add link to HTML report artifact if available
+      if (process.env.GITHUB_ACTIONS === 'true') {
+        summary += ` • [📥 Download full HTML report](${runUrl}#artifacts)`;
+      }
     }
 
     summary += '</sub>\n';

package/core/github-step-summary-generator.js

@@ -0,0 +1,277 @@
+/**
+ * GitHub Step Summary Generator
+ * Generate rich markdown summary for GitHub Actions workflow
+ */
+
+/**
+ * Generate comprehensive GitHub Step Summary
+ * @param {Array} violations - Array of violations
+ * @param {Object} stats - Statistics object
+ * @param {Object} metadata - Additional metadata
+ * @returns {string} Markdown summary
+ */
+function generateStepSummary(violations, stats, metadata = {}) {
+  const {
+    totalViolations,
+    errorCount,
+    warningCount,
+    filesWithIssues,
+    fileGroups,
+    ruleGroups
+  } = stats;
+
+  const { prNumber, artifactUrl, score } = metadata;
+
+  let summary = '';
+
+  // Header
+  const emoji = errorCount > 0 ? '❌' : warningCount > 0 ? '⚠️' : '✅';
+  const status = errorCount > 0 ? 'Failed' : warningCount > 0 ? 'Warning' : 'Passed';
+
+  summary += `# ${emoji} SunLint Quality Report\n\n`;
+
+  // Status badges
+  if (errorCount > 0) {
+    summary += `> **Status:** 🔴 ${status} - ${errorCount} error(s) must be fixed\n\n`;
+  } else if (warningCount > 0) {
+    summary += `> **Status:** 🟡 ${status} - ${warningCount} warning(s) found\n\n`;
+  } else {
+    summary += `> **Status:** ✅ ${status} - No violations found!\n\n`;
+  }
+
+  // Quick Stats
+  summary += `## 📊 Summary\n\n`;
+  summary += `| Metric | Value |\n`;
+  summary += `|--------|-------|\n`;
+  summary += `| Total Violations | **${totalViolations}** |\n`;
+  summary += `| Errors | **${errorCount}** 🔴 |\n`;
+  summary += `| Warnings | **${warningCount}** 🟡 |\n`;
+  summary += `| Files with Issues | **${filesWithIssues}** |\n`;
+
+  if (score && score.score !== undefined) {
+    summary += `| Quality Score | **${score.score}/100** (${score.grade || 'N/A'}) |\n`;
+  }
+
+  summary += `\n`;
+
+  if (totalViolations === 0) {
+    summary += `---\n\n`;
+    summary += `### 🎉 Excellent Work!\n\n`;
+    summary += `No coding standard violations detected in this PR.\n\n`;
+
+    if (artifactUrl) {
+      summary += `📥 [Download detailed HTML report](${artifactUrl}#artifacts)\n\n`;
+    }
+
+    return summary;
+  }
+
+  // Top Files with Issues
+  summary += `## 📁 Top Files with Issues\n\n`;
+
+  const sortedFiles = Object.entries(fileGroups)
+    .sort((a, b) => b[1].length - a[1].length)
+    .slice(0, 15); // Top 15 files
+
+  summary += `| File | Errors | Warnings | Total |\n`;
+  summary += `|------|--------|----------|-------|\n`;
+
+  for (const [file, fileViolations] of sortedFiles) {
+    const fileErrors = fileViolations.filter(v => v.severity === 'error').length;
+    const fileWarnings = fileViolations.filter(v => v.severity === 'warning').length;
+    const total = fileViolations.length;
+
+    const errorBadge = fileErrors > 0 ? '🔴' : '';
+    const warningBadge = fileWarnings > 0 && fileErrors === 0 ? '🟡' : '';
+
+    summary += `| \`${truncatePath(file, 60)}\` ${errorBadge}${warningBadge} | ${fileErrors} | ${fileWarnings} | **${total}** |\n`;
+  }
+
+  if (Object.keys(fileGroups).length > 15) {
+    summary += `\n_... and ${Object.keys(fileGroups).length - 15} more file(s)_\n`;
+  }
+
+  summary += `\n`;
+
+  // All Files (Collapsible)
+  if (Object.keys(fileGroups).length > 15) {
+    summary += `<details>\n`;
+    summary += `<summary>📋 View all ${Object.keys(fileGroups).length} files</summary>\n\n`;
+
+    const allFiles = Object.entries(fileGroups)
+      .sort((a, b) => b[1].length - a[1].length);
+
+    summary += `| File | Errors | Warnings | Total |\n`;
+    summary += `|------|--------|----------|-------|\n`;
+
+    for (const [file, fileViolations] of allFiles) {
+      const fileErrors = fileViolations.filter(v => v.severity === 'error').length;
+      const fileWarnings = fileViolations.filter(v => v.severity === 'warning').length;
+      const total = fileViolations.length;
+
+      summary += `| \`${truncatePath(file, 60)}\` | ${fileErrors} | ${fileWarnings} | ${total} |\n`;
+    }
+
+    summary += `\n</details>\n\n`;
+  }
+
+  // Top Violations by Rule
+  summary += `## 🔍 Top Violations by Rule\n\n`;
+
+  const sortedRules = Object.entries(ruleGroups)
+    .sort((a, b) => b[1].length - a[1].length)
+    .slice(0, 10); // Top 10 rules
+
+  summary += `| Rule | Errors | Warnings | Total | Locations |\n`;
+  summary += `|------|--------|----------|-------|------------|\n`;
+
+  for (const [ruleId, ruleViolations] of sortedRules) {
+    const ruleErrors = ruleViolations.filter(v => v.severity === 'error').length;
+    const ruleWarnings = ruleViolations.filter(v => v.severity === 'warning').length;
+    const total = ruleViolations.length;
+    const badge = ruleErrors > 0 ? '🔴' : '🟡';
+
+    // Sample locations
+    const sampleLocations = ruleViolations.slice(0, 3).map(v =>
+      `\`${truncatePath(v.file, 30)}:${v.line}\``
+    ).join(', ');
+    const more = ruleViolations.length > 3 ? `, +${ruleViolations.length - 3} more` : '';
+
+    summary += `| **${badge} ${ruleId}** | ${ruleErrors} | ${ruleWarnings} | **${total}** | ${sampleLocations}${more} |\n`;
+  }
+
+  if (Object.keys(ruleGroups).length > 10) {
+    summary += `\n_... and ${Object.keys(ruleGroups).length - 10} more rule(s)_\n`;
+  }
+
+  summary += `\n`;
+
+  // All Rules (Collapsible)
+  if (Object.keys(ruleGroups).length > 10) {
+    summary += `<details>\n`;
+    summary += `<summary>📜 View all ${Object.keys(ruleGroups).length} rules</summary>\n\n`;
+
+    const allRules = Object.entries(ruleGroups)
+      .sort((a, b) => b[1].length - a[1].length);
+
+    for (const [ruleId, ruleViolations] of allRules) {
+      const ruleErrors = ruleViolations.filter(v => v.severity === 'error').length;
+      const ruleWarnings = ruleViolations.filter(v => v.severity === 'warning').length;
+      const badge = ruleErrors > 0 ? '🔴' : '🟡';
+
+      summary += `### ${badge} ${ruleId} (${ruleViolations.length} violations)\n\n`;
+
+      // Show first 5 locations
+      const locationsToShow = ruleViolations.slice(0, 5);
+      for (const v of locationsToShow) {
+        summary += `- \`${v.file}:${v.line}\``;
+        if (v.message && v.message.length < 100) {
+          summary += ` - ${v.message}`;
+        }
+        summary += `\n`;
+      }
+
+      if (ruleViolations.length > 5) {
+        summary += `\n_... and ${ruleViolations.length - 5} more location(s)_\n`;
+      }
+
+      summary += `\n`;
+    }
+
+    summary += `</details>\n\n`;
+  }
+
+  // Download Links
+  summary += `---\n\n`;
+  summary += `## 📥 Download Full Report\n\n`;
+
+  if (artifactUrl) {
+    summary += `The complete interactive HTML report is available for download:\n\n`;
+    summary += `- **[📥 Download HTML Report](${artifactUrl}#artifacts)** - Interactive report with search, filter, and sorting\n`;
+    summary += `- **Features:** Detailed violations, quality metrics, exportable results\n`;
+    summary += `- **Retention:** 30 days\n\n`;
+  }
+
+  // Footer
+  summary += `---\n\n`;
+  summary += `<sub>Generated by [SunLint](https://github.com/sun-asterisk/engineer-excellence) • `;
+  if (prNumber) {
+    summary += `PR #${prNumber} • `;
+  }
+  summary += `${new Date().toLocaleString()}</sub>\n`;
+
+  return summary;
+}
+
+/**
+ * Calculate statistics from violations
+ * @param {Array} violations - Violations array
+ * @returns {Object} Statistics object
+ */
+function calculateStatistics(violations) {
+  const totalViolations = violations.length;
+  const errorCount = violations.filter(v => v.severity === 'error').length;
+  const warningCount = violations.filter(v => v.severity === 'warning').length;
+
+  // Group by file
+  const fileGroups = {};
+  for (const v of violations) {
+    if (!fileGroups[v.file]) {
+      fileGroups[v.file] = [];
+    }
+    fileGroups[v.file].push(v);
+  }
+
+  // Group by rule
+  const ruleGroups = {};
+  for (const v of violations) {
+    if (!ruleGroups[v.rule]) {
+      ruleGroups[v.rule] = [];
+    }
+    ruleGroups[v.rule].push(v);
+  }
+
+  const filesWithIssues = Object.keys(fileGroups).length;
+
+  return {
+    totalViolations,
+    errorCount,
+    warningCount,
+    filesWithIssues,
+    fileGroups,
+    ruleGroups
+  };
+}
+
+/**
+ * Truncate path for display
+ * @param {string} path - File path
+ * @param {number} maxLength - Max length
+ * @returns {string} Truncated path
+ */
+function truncatePath(path, maxLength) {
+  if (path.length <= maxLength) {
+    return path;
+  }
+
+  const parts = path.split('/');
+  if (parts.length <= 2) {
+    return '...' + path.slice(-(maxLength - 3));
+  }
+
+  // Keep first and last parts
+  const first = parts[0];
+  const last = parts[parts.length - 1];
+  const remaining = maxLength - first.length - last.length - 5; // 5 for ".../"
+
+  if (remaining < 0) {
+    return '...' + path.slice(-(maxLength - 3));
+  }
+
+  return `${first}/.../${last}`;
+}
+
+module.exports = {
+  generateStepSummary,
+  calculateStatistics
+};