@sun-asterisk/sunlint 1.3.32 → 1.3.34

package/config/rules/enhanced-rules-registry.json

@@ -1,66 +1,88 @@
 {
   "rules": {
-    "C005": {
-      "name": "Single Responsibility Principle",
-      "description": "Each function should do one thing only",
-      "category": "design",
+    "C002": {
+      "id": "C002",
+      "name": "Rule C002",
+      "description": "Auto-migrated rule C002 from ESLint mapping",
+      "category": "general",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C005_single_responsibility/analyzer.js",
-      "config": "./rules/common/C005_single_responsibility/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
       "version": "1.0.0",
-      "status": "stable",
-      "tags": ["design", "responsibility", "maintainability"],
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["max-statements-per-line", "complexity"]
+        "eslint": [
+          "custom/no-duplicate-code"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
       }
     },
-    "C019": {
-      "name": "Log Level Usage",
-      "description": "Không sử dụng log mức error cho lỗi không nghiêm trọng",
-      "category": "logging",
+    "C003": {
+      "id": "C003",
+      "name": "Rule C003",
+      "description": "Auto-migrated rule C003 from ESLint mapping",
+      "category": "general",
       "severity": "warning",
-      "languages": ["typescript", "dart", "kotlin", "javascript"],
-      "analyzer": "./rules/common/C019_log_level_usage/analyzer.js",
-      "config": "./rules/common/C019_log_level_usage/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
       "version": "1.0.0",
-      "status": "stable",
-      "tags": ["logging", "error-handling", "severity"],
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["no-console", "no-alert", "no-debugger"],
-        "heuristic": ["rules/common/C019_log_level_usage/analyzer.js"]
+        "eslint": [
+          "custom/no-vague-abbreviations"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
       }
     },
-    "C020": {
-      "name": "Unused Imports",
-      "description": "Không import các module hoặc symbol không sử dụng",
-      "category": "code-quality",
+    "C005": {
+      "name": "Single Responsibility Principle",
+      "description": "Each function should do one thing only",
+      "category": "design",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/common/C020_unused_imports/analyzer.js",
-      "config": "./rules/common/C020_unused_imports/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["imports", "cleanup", "unused-code"],
-      "engineMappings": {
-        "eslint": ["no-unused-vars", "@typescript-eslint/no-unused-vars"],
-        "heuristic": ["rules/common/C020_unused_imports/analyzer.js"]
-      }
-    },
-    "C021": {
-      "name": "Import Organization",
-      "description": "Tổ chức và sắp xếp imports theo nhóm và thứ tự alphabet",
-      "category": "code-quality",
-      "severity": "info",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/common/C021_import_organization/analyzer.js",
-      "config": "./rules/common/C021_import_organization/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C005_single_responsibility/analyzer.js",
+      "config": "./rules/common/C005_single_responsibility/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["imports", "organization", "readability"],
+      "tags": [
+        "design",
+        "responsibility",
+        "maintainability"
+      ],
       "engineMappings": {
-        "eslint": ["import/order", "sort-imports"],
-        "heuristic": ["rules/common/C021_import_organization/analyzer.js"]
+        "eslint": [
+          "max-statements-per-line",
+          "complexity"
+        ]
       }
     },
     "C006": {
@@ -68,12 +90,21 @@
       "description": "Tên hàm phải là động từ/verb-noun pattern",
       "category": "naming",
       "severity": "warning",
-      "languages": ["typescript", "dart", "kotlin", "javascript"],
+      "languages": [
+        "typescript",
+        "dart",
+        "kotlin",
+        "javascript"
+      ],
       "analyzer": "./rules/C006_function_naming/analyzer.js",
       "config": "./rules/C006_function_naming/config.json",
       "version": "1.0.0",
       "status": "activated",
-      "tags": ["naming", "convention", "readability"],
+      "tags": [
+        "naming",
+        "convention",
+        "readability"
+      ],
       "engineMappings": {
         "eslint": [
           "func-names",
@@ -87,12 +118,21 @@
       "description": "Avoid comments that just describe the code",
       "category": "documentation",
       "severity": "info",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C007_meaningful_comments/analyzer.js",
       "config": "./rules/common/C007_meaningful_comments/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["documentation", "comments", "maintainability"],
+      "tags": [
+        "documentation",
+        "comments",
+        "maintainability"
+      ],
       "engineMappings": {
         "eslint": [
           "spaced-comment",
@@ -106,22 +146,36 @@
       "description": "Variables should be declared as close as possible to where they are first used",
       "category": "code-quality",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "rules/common/C008/analyzer.js",
-      "config": "rules/common/C008/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "rules/common/C008_variable_declaration_locality/analyzer.js",
+      "config": "rules/common/C008_variable_declaration_locality/config.json",
       "version": "1.0.0",
       "status": "active",
-      "tags": ["readability", "maintainability", "scope", "best-practice"],
+      "tags": [
+        "readability",
+        "maintainability",
+        "scope",
+        "best-practice"
+      ],
       "strategy": {
         "preferred": "semantic",
-        "fallbacks": ["semantic", "ast"],
+        "fallbacks": [
+          "semantic",
+          "ast"
+        ],
         "accuracy": {
           "semantic": 95,
           "ast": 90
         }
       },
       "engineMappings": {
-        "semantic": ["rules/common/C008/analyzer.js"]
+        "semantic": [
+          "rules/common/C008_variable_declaration_locality/analyzer.js"
+        ]
       }
     },
     "C010": {
@@ -129,27 +183,73 @@
       "description": "Limit nested blocks (if/for/while/switch) to maximum 3 levels for readability",
       "category": "complexity",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C010_limit_block_nesting/analyzer.js",
       "config": "./rules/common/C010_limit_block_nesting/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["complexity", "readability", "nesting", "maintainability"],
+      "tags": [
+        "complexity",
+        "readability",
+        "nesting",
+        "maintainability"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 75
         }
       }
     },
+    "C012": {
+      "name": "Command Query Separation",
+      "description": "Separate Command and Query operations (CQS principle)",
+      "category": "design",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C012_command_query_separation/analyzer.js",
+      "config": "./rules/common/C012_command_query_separation/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "design",
+        "separation",
+        "maintainability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "consistent-return",
+          "no-void",
+          "@typescript-eslint/no-confusing-void-expression"
+        ]
+      }
+    },
     "C013": {
       "name": "No Dead Code",
       "description": "Detect and remove commented out code, unused variables/functions, and unreachable code",
       "category": "maintainability",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C013_no_dead_code/analyzer.js",
       "config": "./rules/common/C013_no_dead_code/config.json",
       "version": "1.0.0",
@@ -163,32 +263,62 @@
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 90,
           "regex": 70
         }
       },
       "engineMappings": {
-        "eslint": ["no-unreachable", "no-unused-vars", "no-unused-expressions"]
+        "eslint": [
+          "no-unreachable",
+          "no-unused-vars",
+          "no-unused-expressions"
+        ]
       }
     },
-    "C012": {
-      "name": "Command Query Separation",
-      "description": "Separate Command and Query operations (CQS principle)",
+    "C014": {
+      "name": "Dependency Injection Pattern",
+      "description": "Use Dependency Injection instead of direct instantiation in business logic. Increases testability and reduces coupling.",
       "category": "design",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C012_command_query_separation/analyzer.js",
-      "config": "./rules/common/C012_command_query_separation/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/common/C014_dependency_injection/analyzer.js",
+      "config": "./rules/common/C014_dependency_injection/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["design", "separation", "maintainability"],
+      "tags": [
+        "design",
+        "dependency-injection",
+        "testability",
+        "coupling",
+        "SOLID"
+      ],
+      "strategy": {
+        "preferred": "ast",
+        "fallbacks": [],
+        "accuracy": {
+          "ast": 95
+        },
+        "requirements": {
+          "ast": {
+            "semanticEngine": true,
+            "description": "C014 requires symbol-based analysis for accurate dependency injection pattern detection"
+          }
+        }
+      },
       "engineMappings": {
         "eslint": [
-          "consistent-return",
-          "no-void",
-          "@typescript-eslint/no-confusing-void-expression"
+          "no-new",
+          "no-new-wrappers",
+          "@typescript-eslint/no-unnecessary-constructor"
         ]
       }
     },
@@ -197,14 +327,63 @@
       "description": "Use domain language in class/function names",
       "category": "naming",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C015_domain_language/analyzer.js",
       "config": "./rules/common/C015_domain_language/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
+      }
+    },
+    "C017": {
+      "id": "C017",
+      "name": "Rule C017",
+      "description": "Auto-migrated rule C017 from ESLint mapping",
+      "category": "general",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/common/C017_constructor_logic/analyzer.js",
+      "config": "./rules/common/C017_constructor_logic/config.json",
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
+        "eslint": [
+          "custom/limit-constructor-logic"
+        ]
+      },
+      "strategy": {
+        "preferred": "semantic",
+        "fallbacks": [
+          "semantic",
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "semantic": 95,
+          "ast": 85,
+          "regex": 70
+        }
       }
     },
     "C018": {
@@ -212,29 +391,141 @@
       "description": "Always provide detailed messages and context.",
       "category": "naming",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C018_no_throw_generic_error/analyzer.js",
       "config": "./rules/common/C018_no_throw_generic_error/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
       "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
       }
     },
-    "C023": {
-      "name": "Do not declare duplicate variable",
-      "description": "Do not declare duplicate variable names in the same scope",
-      "category": "naming",
+    "C019": {
+      "name": "Log Level Usage",
+      "description": "Không sử dụng log mức error cho lỗi không nghiêm trọng",
+      "category": "logging",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C023_no_duplicate_variable/analyzer.js",
-      "config": "./rules/common/C023_no_duplicate_variable/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["naming", "domain", "readability"],
-      "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
+      "languages": [
+        "typescript",
+        "dart",
+        "kotlin",
+        "javascript"
+      ],
+      "analyzer": "./rules/common/C019_log_level_usage/analyzer.js",
+      "config": "./rules/common/C019_log_level_usage/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "logging",
+        "error-handling",
+        "severity"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "no-console",
+          "no-alert",
+          "no-debugger"
+        ],
+        "heuristic": [
+          "rules/common/C019_log_level_usage/analyzer.js"
+        ]
+      }
+    },
+    "C020": {
+      "name": "Unused Imports",
+      "description": "Không import các module hoặc symbol không sử dụng",
+      "category": "code-quality",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/common/C020_unused_imports/analyzer.js",
+      "config": "./rules/common/C020_unused_imports/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "imports",
+        "cleanup",
+        "unused-code"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "no-unused-vars",
+          "@typescript-eslint/no-unused-vars"
+        ],
+        "heuristic": [
+          "rules/common/C020_unused_imports/analyzer.js"
+        ]
+      }
+    },
+    "C021": {
+      "name": "Import Organization",
+      "description": "Tổ chức và sắp xếp imports theo nhóm và thứ tự alphabet",
+      "category": "code-quality",
+      "severity": "info",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/common/C021_import_organization/analyzer.js",
+      "config": "./rules/common/C021_import_organization/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "imports",
+        "organization",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "import/order",
+          "sort-imports"
+        ],
+        "heuristic": [
+          "rules/common/C021_import_organization/analyzer.js"
+        ]
+      }
+    },
+    "C023": {
+      "name": "Do not declare duplicate variable",
+      "description": "Do not declare duplicate variable names in the same scope",
+      "category": "naming",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C023_no_duplicate_variable/analyzer.js",
+      "config": "./rules/common/C023_no_duplicate_variable/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
       }
     },
     "C024": {
@@ -242,14 +533,26 @@
       "description": "The rule prevents scattering hardcoded constants throughout the logic. Instead, constants should be defined in a single place to improve maintainability and readability.",
       "category": "naming",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C024_no_scatter_hardcoded_constants/analyzer.js",
       "config": "./rules/common/C024_no_scatter_hardcoded_constants/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
       "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
       }
     },
     "C029": {
@@ -257,24 +560,71 @@
       "description": "Mọi catch block phải log nguyên nhân lỗi đầy đủ",
       "category": "error-handling",
       "severity": "error",
-      "languages": ["typescript", "dart", "kotlin", "javascript"],
+      "languages": [
+        "typescript",
+        "dart",
+        "kotlin",
+        "javascript"
+      ],
       "analyzer": "./rules/C029_catch_block_logging/analyzer.js",
       "config": "./rules/C029_catch_block_logging/config.json",
       "version": "1.0.0",
       "status": "activated",
-      "tags": ["error-handling", "logging", "debugging", "monitoring"]
+      "tags": [
+        "error-handling",
+        "logging",
+        "debugging",
+        "monitoring"
+      ]
+    },
+    "C030": {
+      "id": "C030",
+      "name": "Rule C030",
+      "description": "Auto-migrated rule C030 from ESLint mapping",
+      "category": "general",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "custom/use-custom-error-classes"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
     },
     "C031": {
       "name": "Validation Logic Separation",
       "description": "Logic kiểm tra dữ liệu (validate) phải nằm riêng biệt",
       "category": "validation",
       "severity": "error",
-      "languages": ["typescript", "dart", "kotlin", "javascript"],
+      "languages": [
+        "typescript",
+        "dart",
+        "kotlin",
+        "javascript"
+      ],
       "analyzer": "./rules/C031_validation_separation/analyzer.js",
       "config": "./rules/C031_validation_separation/config.json",
       "version": "1.0.0",
       "status": "experimental",
-      "tags": ["validation", "separation", "architecture"],
+      "tags": [
+        "validation",
+        "separation",
+        "architecture"
+      ],
       "engineMappings": {
         "eslint": [
           "no-implicit-coercion",
@@ -288,12 +638,21 @@
       "description": "Don't call external APIs in constructors or static blocks",
       "category": "design",
       "severity": "error",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C032_no_constructor_api/analyzer.js",
       "config": "./rules/common/C032_no_constructor_api/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["design", "constructor", "initialization"],
+      "tags": [
+        "design",
+        "constructor",
+        "initialization"
+      ],
       "engineMappings": {
         "eslint": [
           "no-new",
@@ -307,12 +666,21 @@
       "description": "Separate processing logic and data queries in service layer",
       "category": "architecture",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C033_separate_logic_data/analyzer.js",
       "config": "./rules/common/C033_separate_logic_data/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["architecture", "separation", "service"],
+      "tags": [
+        "architecture",
+        "separation",
+        "service"
+      ],
       "engineMappings": {
         "eslint": [
           "prefer-const",
@@ -326,12 +694,21 @@
       "description": "Limit direct access to global state in domain logic",
       "category": "architecture",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C034_limit_global_state/analyzer.js",
       "config": "./rules/common/C034_limit_global_state/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["architecture", "global-state", "design"],
+      "tags": [
+        "architecture",
+        "global-state",
+        "design"
+      ],
       "engineMappings": {
         "eslint": [
           "no-global-assign",
@@ -345,14 +722,27 @@
       "description": "When handling errors, must log full information related - structured logging with context",
       "category": "error-handling",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C035_error_logging_context/analyzer.js",
       "config": "./rules/common/C035_error_logging_context/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["logging", "error-handling", "observability", "debugging"],
+      "tags": [
+        "logging",
+        "error-handling",
+        "observability",
+        "debugging"
+      ],
       "engineMappings": {
-        "eslint": ["no-empty-catch", "@typescript-eslint/no-unused-vars"]
+        "eslint": [
+          "no-empty-catch",
+          "@typescript-eslint/no-unused-vars"
+        ]
       }
     },
     "C037": {
@@ -360,12 +750,21 @@
       "description": "API handlers should return standard response objects (not raw strings)",
       "category": "api",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C037_standard_response/analyzer.js",
       "config": "./rules/common/C037_standard_response/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["api", "response", "standardization"],
+      "tags": [
+        "api",
+        "response",
+        "standardization"
+      ],
       "engineMappings": {
         "eslint": [
           "consistent-return",
@@ -379,12 +778,21 @@
       "description": "Avoid logic depending on file/module loading order",
       "category": "architecture",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C038_no_loading_order/analyzer.js",
       "config": "./rules/common/C038_no_loading_order/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["architecture", "loading", "dependency"],
+      "tags": [
+        "architecture",
+        "loading",
+        "dependency"
+      ],
       "engineMappings": {
         "eslint": [
           "import/no-dynamic-require",
@@ -398,12 +806,21 @@
       "description": "Don't scatter validation logic across multiple classes",
       "category": "validation",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C040_centralized_validation/analyzer.js",
       "config": "./rules/common/C040_centralized_validation/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["validation", "centralization", "architecture"],
+      "tags": [
+        "validation",
+        "centralization",
+        "architecture"
+      ],
       "engineMappings": {
         "eslint": [
           "no-duplicate-imports",
@@ -417,14 +834,54 @@
       "description": "Protect sensitive application data, avoid security risks, and comply with security standards. Exposing sensitive information can lead to serious security and privacy issues.",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
       "analyzer": "./rules/common/C041_no_sensitive_hardcode/analyzer.js",
       "config": "./rules/common/C041_no_sensitive_hardcode/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
+      }
+    },
+    "C042": {
+      "id": "C042",
+      "name": "Rule C042",
+      "description": "Auto-migrated rule C042 from ESLint mapping",
+      "category": "general",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
+        "eslint": [
+          "custom/boolean-name-prefix"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
       }
     },
     "C043": {
@@ -432,281 +889,1031 @@
       "description": "Do not use console.log or print in production code",
       "category": "logging",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
       "analyzer": "./rules/common/C043_no_console_or_print/analyzer.js",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["logging", "production", "debugging", "console"],
+      "tags": [
+        "logging",
+        "production",
+        "debugging",
+        "console"
+      ],
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {
           "regex": 90
         }
       }
     },
-    "C060": {
-      "name": "Do not override superclass methods and ignore critical logic",
-      "description": "Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.",
-      "category": "logging",
+    "C047": {
+      "id": "C047",
+      "name": "Rule C047",
+      "description": "Auto-migrated rule C047 from ESLint mapping",
+      "category": "general",
       "severity": "warning",
-      "languages": ["typescript", "javascript", "dart"],
-      "analyzer": "./rules/common/C060_no_override_superclass/analyzer.js",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
-      "status": "stable",
-      "tags": ["logging", "production", "debugging", "console"],
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "custom/no-duplicate-retry-logic"
+        ]
+      },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {
-          "regex": 90
-        }
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
       }
     },
-    "S001": {
-      "name": "Fail Securely",
-      "description": "Verify that if there is an error in access control, the system fails securely",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s001",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "access-control", "fail-safe"],
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex", "ast"],
-        "accuracy": {
-          "regex": 85,
-          "ast": 90
-        }
+    "C048": {
+      "name": "Do not bypass architectural layers (controller/service/repository)",
+      "description": "Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.",
+      "category": "naming",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C048_no_bypass_architectural_layers/analyzer.js",
+      "config": "./rules/common/C048_no_bypass_architectural_layers/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
       }
     },
-    "S002": {
-      "name": "IDOR Check",
-      "description": "Insecure Direct Object Reference prevention",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s002",
+    "C052": {
+      "name": "Parsing or data transformation logic must be separated from controllers",
+      "description": "Enforce separation of concerns — controllers should only handle requests and delegate processing, improving testability, maintainability, and reuse.",
+      "category": "naming",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C052_parsing_or_data_transformation/analyzer.js",
+      "config": "./rules/common/C052_parsing_or_data_transformation/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "idor", "access-control"]
+      "tags": [
+        "naming",
+        "domain",
+        "readability"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "@typescript-eslint/naming-convention",
+          "camelcase"
+        ]
+      }
     },
-    "S003": {
-      "name": "Open Redirect Protection",
-      "description": "URL redirects must validate against an allow list to prevent open redirect vulnerabilities",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S003_open_redirect_protection/analyzer.js",
-      "config": "./rules/security/S003_open_redirect_protection/config.json",
+    "C060": {
+      "name": "Do not override superclass methods and ignore critical logic",
+      "description": "Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.",
+      "category": "logging",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/common/C060_no_override_superclass/analyzer.js",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "owasp", "injection", "open-redirect", "phishing", "url-validation"],
+      "tags": [
+        "logging",
+        "production",
+        "debugging",
+        "console"
+      ],
       "strategy": {
-        "preferred": "heuristic",
-        "fallbacks": ["heuristic"],
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {
-          "heuristic": 95
+          "regex": 90
         }
-      },
+      }
+    },
+    "C065": {
+      "name": "One Behavior per Test (AAA Pattern)",
+      "description": "Enforce single behavior testing - each test should verify exactly one action/behavior with clear Arrange-Act-Assert structure",
+      "category": "common",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "java",
+        "csharp",
+        "swift",
+        "kotlin",
+        "python"
+      ],
+      "analyzer": "./rules/common/C065_one_behavior_per_test/analyzer.js",
+      "config": "./rules/common/C065_one_behavior_per_test/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "testing",
+        "aaa",
+        "behavior",
+        "maintainability",
+        "clarity"
+      ],
       "engineMappings": {
-        "heuristic": ["rules/security/S003_open_redirect_protection/analyzer.js"]
-      },
-      "metadata": {
-        "owaspCategory": "A03:2021 - Injection",
-        "cweId": "CWE-601",
-        "frameworks": ["Express", "NestJS", "Next.js", "Nuxt.js", "Spring Boot"],
-        "detectionPatterns": 28,
-        "testCases": 118
+        "heuristic": [
+          "./rules/common/C065_one_behavior_per_test/analyzer.js"
+        ]
       }
     },
-    "S004": {
-      "name": "Sensitive Data Logging Protection",
-      "description": "Prevent logging of sensitive information like passwords, tokens, and payment data without proper redaction",
-      "category": "security",
+    "C067": {
+      "name": "No Hardcoded Configuration",
+      "description": "Improve configurability, reduce risk when changing environments, and make configuration management flexible and maintainable.",
+      "category": "configuration",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S004_sensitive_data_logging/analyzer.js",
-      "config": "./rules/security/S004_sensitive_data_logging/config.json",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin"
+      ],
+      "analyzer": "./rules/common/C067_no_hardcoded_config/analyzer.js",
+      "config": "./rules/common/C067_no_hardcoded_config/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "owasp", "logging", "sensitive-data", "pii", "credentials", "data-exposure"],
+      "tags": [
+        "configuration",
+        "hardcode",
+        "environment",
+        "maintainability",
+        "security"
+      ],
       "strategy": {
-        "preferred": "heuristic",
-        "fallbacks": ["heuristic"],
+        "preferred": "ast",
+        "fallbacks": [
+          "ast"
+        ],
         "accuracy": {
-          "heuristic": 90
+          "ast": 90
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S004_sensitive_data_logging/analyzer.js"]
-      },
-      "metadata": {
-        "owaspCategory": "A09:2021 - Security Logging and Monitoring Failures",
-        "cweId": "CWE-532",
-        "frameworks": ["Express", "NestJS", "Next.js", "Nuxt.js", "Spring Boot", "Winston", "Pino", "Bunyan"],
-        "detectionPatterns": 90,
-        "testCases": 45
+        "heuristic": [
+          "rules/common/C067_no_hardcoded_config/analyzer.js"
+        ]
       }
     },
-    "S005": {
-      "name": "No Origin Header Authentication",
-      "description": "Do not use Origin header for authentication/access control",
-      "category": "security",
+    "C070": {
+      "name": "No Real Time Tests",
+      "description": "Tests should not depend on real time delays or sleeps. Use fake timers, clock injection, or condition-based waits to improve test reliability and speed.",
+      "category": "testing",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S005_no_origin_auth/analyzer.js",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "../rules/common/C070_no_real_time_tests/regex-analyzer.js",
+      "config": "../rules/common/C070_no_real_time_tests/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "authentication", "headers"],
+      "tags": [
+        "testing",
+        "flaky-tests",
+        "timing",
+        "fake-timers",
+        "reliability"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
-          "regex": 85
+          "regex": 88
         }
       },
       "engineMappings": {
-        "eslint": ["custom/typescript_s005"]
+        "heuristic": [
+          "../rules/common/C070_no_real_time_tests/regex-analyzer.js"
+        ]
       }
     },
-    "S006": {
-      "name": "No Plaintext Recovery/Activation Codes",
-      "description": "Do not send recovery or activation codes in plaintext",
-      "category": "security",
-      "severity": "error",
-      "languages": ["All languages"],
-      "analyzer": "./rules/security/S006_no_plaintext_recovery_codes/analyzer.js",
-      "config": "./rules/security/S006_no_plaintext_recovery_codes/config.json",
+    "C072": {
+      "id": "C072",
+      "name": "Single Test Behavior",
+      "description": "Each test should assert only one behavior",
+      "category": "testing",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "owasp", "cryptographic-failures", "authentication"],
+      "tags": [
+        "testing",
+        "unit-test",
+        "single-behavior"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "custom/c072-one-assert-per-test"
+        ],
+        "heuristic": [
+          "rules/common/C072_single_test_behavior/analyzer.js"
+        ]
+      },
       "strategy": {
         "preferred": "regex",
-        "fallback": "heuristic"
-      },
-      "engineMappings": {
-        "heuristic": "S006_no_plaintext_recovery_codes"
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
       }
     },
-    "S007": {
-      "name": "No Plaintext OTP",
-      "description": "One-Time Passwords must not be stored in plaintext",
-      "category": "security",
+    "C073": {
+      "id": "C073",
+      "name": "Validate Required Configuration on Startup",
+      "description": "C073 - Validate mandatory configuration at startup and fail fast on invalid/missing values",
+      "category": "configuration",
       "severity": "error",
       "languages": [
         "typescript",
         "javascript",
-        "dart",
-        "kotlin",
         "java",
-        "python",
-        "go",
-        "swift"
+        "go"
       ],
-      "analyzer": "./rules/security/S007_no_plaintext_otp/analyzer.js",
-      "config": "./rules/security/S007_no_plaintext_otp/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
-        "security",
-        "otp",
-        "encryption",
-        "owasp",
-        "cryptographic-failures",
-        "authentication"
+        "configuration",
+        "validation",
+        "startup",
+        "fail-fast"
       ],
+      "engineMappings": {
+        "heuristic": [
+          "rules/common/C073_validate_required_config_on_startup/analyzer.js"
+        ],
+        "semantic": [
+          "rules/common/C073_validate_required_config_on_startup/symbol-based-analyzer.js"
+        ]
+      },
       "strategy": {
-        "preferred": "heuristic",
-        "fallbacks": ["heuristic", "regex"],
+        "preferred": "semantic",
+        "fallbacks": [
+          "heuristic"
+        ],
         "accuracy": {
-          "heuristic": 90,
-          "regex": 75
+          "semantic": 0.9,
+          "heuristic": 0.7
         }
-      },
-      "engineMappings": {
-        "heuristic": "S007_no_plaintext_otp"
       }
     },
-    "S008": {
-      "name": "Crypto Agility",
-      "description": "Ensure cryptographic agility and algorithm flexibility",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s008",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "cryptography", "agility"]
-    },
-    "S009": {
-      "name": "No Insecure Crypto",
-      "description": "Prevent usage of insecure cryptographic methods",
+    "C075": {
+      "id": "C075",
+      "name": "Rule C075",
+      "description": "Auto-migrated rule C075 from ESLint mapping",
+      "category": "general",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "custom/explicit-function-return-types"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "C076": {
+      "id": "C076",
+      "name": "Explicit Function Argument Types",
+      "description": "All public functions must declare explicit types for arguments",
+      "category": "type-safety",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "type-safety",
+        "public-api",
+        "explicit-types"
+      ],
+      "engineMappings": {
+        "heuristic": [
+          "rules/common/C076_explicit_function_types/semantic-analyzer.js"
+        ]
+      },
+      "strategy": {
+        "preferred": "symbol",
+        "fallbacks": [
+          "symbol"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R001": {
+      "id": "R001",
+      "name": "Rule R001",
+      "description": "Auto-migrated rule R001 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react/no-this-in-sfc",
+          "no-param-reassign",
+          "react/function-component-definition",
+          "react/forbid-component-props"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R002": {
+      "id": "R002",
+      "name": "Rule R002",
+      "description": "Auto-migrated rule R002 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react-hooks/rules-of-hooks",
+          "react-hooks/exhaustive-deps",
+          "react/no-did-mount-set-state",
+          "react/no-did-update-set-state"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R003": {
+      "id": "R003",
+      "name": "Rule R003",
+      "description": "Auto-migrated rule R003 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react/no-direct-mutation-state",
+          "react/jsx-no-constructed-context-values",
+          "react/forbid-dom-props"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R004": {
+      "id": "R004",
+      "name": "Rule R004",
+      "description": "Auto-migrated rule R004 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "no-param-reassign",
+          "react/forbid-foreign-prop-types"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R005": {
+      "id": "R005",
+      "name": "Rule R005",
+      "description": "Auto-migrated rule R005 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react/jsx-no-bind"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R006": {
+      "id": "R006",
+      "name": "Rule R006",
+      "description": "Auto-migrated rule R006 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react/jsx-pascal-case",
+          "react/jsx-uses-react",
+          "react/jsx-uses-vars"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R007": {
+      "id": "R007",
+      "name": "Rule R007",
+      "description": "Auto-migrated rule R007 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react-hooks/rules-of-hooks"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R008": {
+      "id": "R008",
+      "name": "Rule R008",
+      "description": "Auto-migrated rule R008 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react-hooks/rules-of-hooks"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "R009": {
+      "id": "R009",
+      "name": "Rule R009",
+      "description": "Auto-migrated rule R009 from ESLint mapping",
+      "category": "react",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "version": "1.0.0",
+      "status": "migrated",
+      "tags": [
+        "migrated"
+      ],
+      "engineMappings": {
+        "eslint": [
+          "react-hooks/rules-of-hooks"
+        ]
+      },
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex"
+        ],
+        "accuracy": {}
+      }
+    },
+    "S001": {
+      "name": "Fail Securely",
+      "description": "Verify that if there is an error in access control, the system fails securely",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s001",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "access-control",
+        "fail-safe"
+      ],
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": [
+          "regex",
+          "ast"
+        ],
+        "accuracy": {
+          "regex": 85,
+          "ast": 90
+        }
+      }
+    },
+    "S002": {
+      "name": "IDOR Check",
+      "description": "Insecure Direct Object Reference prevention",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s002",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "idor",
+        "access-control"
+      ]
+    },
+    "S003": {
+      "name": "Open Redirect Protection",
+      "description": "URL redirects must validate against an allow list to prevent open redirect vulnerabilities",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/security/S003_open_redirect_protection/index.js",
+      "config": "./rules/security/S003_open_redirect_protection/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "owasp",
+        "injection",
+        "open-redirect",
+        "phishing",
+        "url-validation"
+      ],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": [
+          "heuristic"
+        ],
+        "accuracy": {
+          "heuristic": 95
+        }
+      },
+      "engineMappings": {
+        "heuristic": [
+          "rules/security/S003_open_redirect_protection/index.js"
+        ]
+      },
+      "metadata": {
+        "owaspCategory": "A03:2021 - Injection",
+        "cweId": "CWE-601",
+        "frameworks": [
+          "Express",
+          "NestJS",
+          "Next.js",
+          "Nuxt.js",
+          "Spring Boot"
+        ],
+        "detectionPatterns": 28,
+        "testCases": 118
+      }
+    },
+    "S004": {
+      "name": "Sensitive Data Logging Protection",
+      "description": "Prevent logging of sensitive information like passwords, tokens, and payment data without proper redaction",
+      "category": "security",
+      "severity": "warning",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart"
+      ],
+      "analyzer": "./rules/security/S004_sensitive_data_logging/analyzer.js",
+      "config": "./rules/security/S004_sensitive_data_logging/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "owasp",
+        "logging",
+        "sensitive-data",
+        "pii",
+        "credentials",
+        "data-exposure"
+      ],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": [
+          "heuristic"
+        ],
+        "accuracy": {
+          "heuristic": 90
+        }
+      },
+      "engineMappings": {
+        "heuristic": [
+          "rules/security/S004_sensitive_data_logging/analyzer.js"
+        ]
+      },
+      "metadata": {
+        "owaspCategory": "A09:2021 - Security Logging and Monitoring Failures",
+        "cweId": "CWE-532",
+        "frameworks": [
+          "Express",
+          "NestJS",
+          "Next.js",
+          "Nuxt.js",
+          "Spring Boot",
+          "Winston",
+          "Pino",
+          "Bunyan"
+        ],
+        "detectionPatterns": 90,
+        "testCases": 45
+      }
+    },
+    "S005": {
+      "name": "No Origin Header Authentication",
+      "description": "Do not use Origin header for authentication/access control",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S005_no_origin_auth/analyzer.js",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "authentication",
+        "headers"
+      ],
+      "strategy": {
+        "preferred": "ast",
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 95,
+          "regex": 85
+        }
+      },
+      "engineMappings": {
+        "eslint": [
+          "custom/typescript_s005"
+        ]
+      }
+    },
+    "S006": {
+      "name": "No Plaintext Recovery/Activation Codes",
+      "description": "Do not send recovery or activation codes in plaintext",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "All languages"
+      ],
+      "analyzer": "./rules/security/S006_no_plaintext_recovery_codes/analyzer.js",
+      "config": "./rules/security/S006_no_plaintext_recovery_codes/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "owasp",
+        "cryptographic-failures",
+        "authentication"
+      ],
+      "strategy": {
+        "preferred": "regex",
+        "fallback": "heuristic"
+      },
+      "engineMappings": {
+        "heuristic": "S006_no_plaintext_recovery_codes"
+      }
+    },
+    "S007": {
+      "name": "No Plaintext OTP",
+      "description": "One-Time Passwords must not be stored in plaintext",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript",
+        "dart",
+        "kotlin",
+        "java",
+        "python",
+        "go",
+        "swift"
+      ],
+      "analyzer": "./rules/security/S007_no_plaintext_otp/analyzer.js",
+      "config": "./rules/security/S007_no_plaintext_otp/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "otp",
+        "encryption",
+        "owasp",
+        "cryptographic-failures",
+        "authentication"
+      ],
+      "strategy": {
+        "preferred": "heuristic",
+        "fallbacks": [
+          "heuristic",
+          "regex"
+        ],
+        "accuracy": {
+          "heuristic": 90,
+          "regex": 75
+        }
+      },
+      "engineMappings": {
+        "heuristic": "S007_no_plaintext_otp"
+      }
+    },
+    "S008": {
+      "name": "Crypto Agility",
+      "description": "Ensure cryptographic agility and algorithm flexibility",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s008",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "cryptography",
+        "agility"
+      ]
+    },
+    "S009": {
+      "name": "No Insecure Crypto",
+      "description": "Prevent usage of insecure cryptographic methods",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s009",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cryptography", "insecure"]
+      "tags": [
+        "security",
+        "cryptography",
+        "insecure"
+      ]
     },
     "S010": {
       "name": "No Insecure Random in Sensitive Context",
       "description": "Prevent insecure random generator usage in sensitive contexts",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s010",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "random", "sensitive"]
+      "tags": [
+        "security",
+        "random",
+        "sensitive"
+      ]
     },
     "S011": {
       "name": "No Insecure UUID",
       "description": "UUID must be version 4 and use CSPRNG",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s011",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "uuid", "random"]
+      "tags": [
+        "security",
+        "uuid",
+        "random"
+      ]
     },
     "S012": {
       "name": "Hardcoded Secrets Protection",
       "description": "Detects hardcoded secrets, API keys, passwords, tokens, and credentials in source code to prevent accidental exposure through version control",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S012_hardcoded_secrets/analyzer.js",
       "config": "./rules/security/S012_hardcoded_secrets/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "owasp", "secrets", "credentials", "cryptographic-failures", "hardcoded-secrets", "api-keys", "passwords", "tokens"],
+      "tags": [
+        "security",
+        "owasp",
+        "secrets",
+        "credentials",
+        "cryptographic-failures",
+        "hardcoded-secrets",
+        "api-keys",
+        "passwords",
+        "tokens"
+      ],
       "strategy": {
         "preferred": "heuristic",
-        "fallbacks": ["heuristic"],
+        "fallbacks": [
+          "heuristic"
+        ],
         "accuracy": {
           "heuristic": 92
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S012_hardcoded_secrets/analyzer.js"]
+        "heuristic": [
+          "rules/security/S012_hardcoded_secrets/analyzer.js"
+        ]
       },
       "metadata": {
         "owaspCategory": "A02:2021 - Cryptographic Failures",
         "cweId": "CWE-798",
-        "frameworks": ["Node.js", "Express", "NestJS", "Next.js", "React", "Vue", "Angular"],
-        "secretTypes": ["API Keys", "Passwords", "Access Tokens", "Private Keys", "JWT Secrets", "Database Credentials", "OAuth Secrets", "AWS Keys", "GitHub Tokens", "Slack Tokens"],
+        "frameworks": [
+          "Node.js",
+          "Express",
+          "NestJS",
+          "Next.js",
+          "React",
+          "Vue",
+          "Angular"
+        ],
+        "secretTypes": [
+          "API Keys",
+          "Passwords",
+          "Access Tokens",
+          "Private Keys",
+          "JWT Secrets",
+          "Database Credentials",
+          "OAuth Secrets",
+          "AWS Keys",
+          "GitHub Tokens",
+          "Slack Tokens"
+        ],
         "detectionPatterns": 50,
         "testCases": 30
       }
@@ -716,39 +1923,63 @@
       "description": "Verify that TLS connections are properly established and validated",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s013",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "tls", "connection"]
+      "tags": [
+        "security",
+        "tls",
+        "connection"
+      ]
     },
     "S014": {
       "name": "Insecure TLS Version",
       "description": "Prevent usage of insecure TLS versions",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s014",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "tls", "encryption"]
+      "tags": [
+        "security",
+        "tls",
+        "encryption"
+      ]
     },
     "S015": {
       "name": "Insecure TLS Certificate",
       "description": "Prevent usage of insecure TLS certificate configurations",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s015",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "tls", "certificates"],
+      "tags": [
+        "security",
+        "tls",
+        "certificates"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 80
@@ -760,15 +1991,25 @@
       "description": "Prevent sensitive data in URL query parameters",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S016_no_sensitive_querystring/analyzer.js",
       "config": "./rules/security/S016_no_sensitive_querystring/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "sensitive-data", "url"],
+      "tags": [
+        "security",
+        "sensitive-data",
+        "url"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 80
@@ -780,52 +2021,95 @@
       "description": "Prevent SQL injection vulnerabilities",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S017_use_parameterized_queries/analyzer.js",
       "config": "./rules/security/S017_use_parameterized_queries/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "sql-injection", "database"]
+      "tags": [
+        "security",
+        "sql-injection",
+        "database"
+      ]
     },
     "S018": {
       "name": "Positive Input Validation",
       "description": "Ensure positive input validation patterns",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s018",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "validation", "input"]
+      "tags": [
+        "security",
+        "validation",
+        "input"
+      ]
     },
     "S019": {
       "name": "SMTP Injection Protection",
       "description": "Detects potential SMTP/IMAP injection vulnerabilities by identifying unsanitized user input in email fields and direct SMTP protocol manipulation",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S019_smtp_injection_protection/analyzer.js",
       "config": "./rules/security/S019_smtp_injection_protection/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "owasp", "injection", "smtp", "email", "crlf"],
+      "tags": [
+        "security",
+        "owasp",
+        "injection",
+        "smtp",
+        "email",
+        "crlf"
+      ],
       "strategy": {
         "preferred": "heuristic",
-        "fallbacks": ["heuristic"],
+        "fallbacks": [
+          "heuristic"
+        ],
         "accuracy": {
           "heuristic": 90
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S019_smtp_injection_protection/analyzer.js"]
+        "heuristic": [
+          "rules/security/S019_smtp_injection_protection/analyzer.js"
+        ]
       },
       "metadata": {
         "owaspCategory": "A03:2021 - Injection",
         "cweId": "CWE-93, CWE-144",
-        "frameworks": ["Node.js", "Express", "NestJS", "Next.js"],
-        "emailLibraries": ["nodemailer", "sendgrid", "mailgun", "aws-ses", "postmark"],
-        "detectionTypes": ["Unsanitized email fields", "SMTP command injection", "CRLF injection"],
+        "frameworks": [
+          "Node.js",
+          "Express",
+          "NestJS",
+          "Next.js"
+        ],
+        "emailLibraries": [
+          "nodemailer",
+          "sendgrid",
+          "mailgun",
+          "aws-ses",
+          "postmark"
+        ],
+        "detectionTypes": [
+          "Unsanitized email fields",
+          "SMTP command injection",
+          "CRLF injection"
+        ],
         "testCases": 40
       }
     },
@@ -834,45 +2118,34 @@
       "description": "Avoid using eval() or executing dynamic code as it can lead to code injection vulnerabilities and compromise application security.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S020_no_eval_dynamic_code/analyzer.js",
       "config": "./rules/security/S020_no_eval_dynamic_code/config.json",
       "version": "1.0.0",
       "status": "experimental",
-      "tags": ["security", "eval", "dynamic-execution", "code-injection"],
-      "strategy": {
-        "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": { "ast": 95, "regex": 85 }
-      },
-      "engineMappings": {
-        "heuristic": ["rules/security/S020_no_eval_dynamic_code/analyzer.js"]
-      }
-    },
-    "S030": {
-      "name": "Disable directory browsing and protect sensitive metadata files",
-      "description": "Disable directory browsing and protect sensitive metadata files (.git/, .env, config files, etc.) to prevent information disclosure and potential security vulnerabilities.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S030_directory_browsing_protection/analyzer.js",
-      "config": "./rules/security/S030_directory_browsing_protection/config.json",
-      "version": "1.0.0",
-      "status": "experimental",
       "tags": [
         "security",
-        "directory-browsing",
-        "information-disclosure",
-        "metadata-protection"
+        "eval",
+        "dynamic-execution",
+        "code-injection"
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": { "ast": 90, "regex": 75 }
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 95,
+          "regex": 85
+        }
       },
       "engineMappings": {
         "heuristic": [
-          "rules/security/S030_directory_browsing_protection/analyzer.js"
+          "rules/security/S020_no_eval_dynamic_code/analyzer.js"
         ]
       }
     },
@@ -881,27 +2154,44 @@
       "description": "Require output encoding for user input",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s022",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "encoding", "xss"]
+      "tags": [
+        "security",
+        "encoding",
+        "xss"
+      ]
     },
     "S023": {
       "name": "No JSON Injection",
       "description": "Prevent JSON injection vulnerabilities",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s023",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "json", "injection"],
+      "tags": [
+        "security",
+        "json",
+        "injection"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 60
@@ -913,22 +2203,37 @@
       "description": "Protect against XPath Injection and XML External Entity (XXE) attacks. XPath injection occurs when user input is used to construct XPath queries without proper sanitization. XXE attacks exploit XML parsers that process external entities, potentially leading to data disclosure, server-side request forgery, or denial of service.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S024_xpath_xxe_protection/analyzer.js",
       "config": "./rules/security/S024_xpath_xxe_protection/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "xpath", "xxe", "xml", "injection", "owasp"],
+      "tags": [
+        "security",
+        "xpath",
+        "xxe",
+        "xml",
+        "injection",
+        "owasp"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S024_xpath_xxe_protection/analyzer.js"]
+        "heuristic": [
+          "rules/security/S024_xpath_xxe_protection/analyzer.js"
+        ]
       }
     },
     "S025": {
@@ -936,7 +2241,10 @@
       "description": "Ensure all client-side data is validated on the server. Client-side validation is not sufficient for security as it can be bypassed by attackers. Server-side validation is mandatory for data integrity and security.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S025_server_side_validation/analyzer.js",
       "config": "./rules/security/S025_server_side_validation/config.json",
       "version": "1.0.0",
@@ -950,14 +2258,19 @@
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S025_server_side_validation/analyzer.js"]
+        "heuristic": [
+          "rules/security/S025_server_side_validation/analyzer.js"
+        ]
       }
     },
     "S026": {
@@ -965,31 +2278,49 @@
       "description": "Require JSON schema validation",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s026",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "validation", "json-schema"]
+      "tags": [
+        "security",
+        "validation",
+        "json-schema"
+      ]
     },
     "S027": {
       "name": "No Hardcoded Secrets Advanced",
       "description": "Advanced detection of hardcoded secrets",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s027",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "secrets", "hardcoded"]
+      "tags": [
+        "security",
+        "secrets",
+        "hardcoded"
+      ]
     },
     "S028": {
       "name": "Limit upload file size and number of files per user",
       "description": "File uploads must enforce size limits and file quantity limits to prevent resource exhaustion and DoS attacks. Both file size and number of files should be limited at the server-side.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript", "java"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "java"
+      ],
       "analyzer": "./rules/security/S028_file_upload_size_limits/analyzer.js",
       "version": "1.0.0",
       "status": "stable",
@@ -1006,34 +2337,91 @@
       "description": "Require CSRF protection for state-changing operations",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s029",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "csrf", "protection"]
+      "tags": [
+        "security",
+        "csrf",
+        "protection"
+      ]
+    },
+    "S030": {
+      "name": "Disable directory browsing and protect sensitive metadata files",
+      "description": "Disable directory browsing and protect sensitive metadata files (.git/, .env, config files, etc.) to prevent information disclosure and potential security vulnerabilities.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S030_directory_browsing_protection/analyzer.js",
+      "config": "./rules/security/S030_directory_browsing_protection/config.json",
+      "version": "1.0.0",
+      "status": "experimental",
+      "tags": [
+        "security",
+        "directory-browsing",
+        "information-disclosure",
+        "metadata-protection"
+      ],
+      "strategy": {
+        "preferred": "ast",
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 90,
+          "regex": 75
+        }
+      },
+      "engineMappings": {
+        "heuristic": [
+          "rules/security/S030_directory_browsing_protection/analyzer.js"
+        ]
+      }
     },
     "S031": {
       "name": "Set Secure flag for Session Cookies",
       "description": "Set Secure flag for Session Cookies to protect via HTTPS. This ensures cookies are only transmitted over secure connections, preventing interception.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S031_secure_session_cookies/analyzer.js",
       "config": "./rules/security/S031_secure_session_cookies/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cookies", "session", "https", "secure"],
+      "tags": [
+        "security",
+        "cookies",
+        "session",
+        "https",
+        "secure"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S031_secure_session_cookies/analyzer.js"]
+        "heuristic": [
+          "rules/security/S031_secure_session_cookies/analyzer.js"
+        ]
       }
     },
     "S032": {
@@ -1041,15 +2429,27 @@
       "description": "Set HttpOnly attribute for Session Cookies to prevent JavaScript access. This protects against XSS attacks by preventing client-side script access to sensitive cookies.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S032_httponly_session_cookies/analyzer.js",
       "config": "./rules/security/S032_httponly_session_cookies/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cookies", "session", "httponly", "xss"],
+      "tags": [
+        "security",
+        "cookies",
+        "session",
+        "httponly",
+        "xss"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
@@ -1066,15 +2466,27 @@
       "description": "Set SameSite attribute for Session Cookies to reduce CSRF risk. This prevents the browser from sending cookies along with cross-site requests, mitigating CSRF attacks.",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S033_samesite_session_cookies/analyzer.js",
       "config": "./rules/security/S033_samesite_session_cookies/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cookies", "session", "samesite", "csrf"],
+      "tags": [
+        "security",
+        "cookies",
+        "session",
+        "samesite",
+        "csrf"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
@@ -1091,15 +2503,27 @@
       "description": "Use __Host- prefix for Session Cookies to prevent subdomain sharing. The __Host- prefix ensures cookies are only sent to the exact domain that set them, preventing subdomain cookie sharing attacks.",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S034_host_prefix_session_cookies/analyzer.js",
       "config": "./rules/security/S034_host_prefix_session_cookies/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cookies", "session", "host-prefix", "subdomain"],
+      "tags": [
+        "security",
+        "cookies",
+        "session",
+        "host-prefix",
+        "subdomain"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
@@ -1116,50 +2540,84 @@
       "description": "Set Path attribute for Session Cookies to limit access scope",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "heuristic",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "cookies", "path"],
+      "tags": [
+        "security",
+        "cookies",
+        "path"
+      ],
       "strategy": {
         "defaultEngine": "heuristic",
         "engineMappings": {
-          "heuristic": ["rules/security/S035_path_session_cookies/analyzer.js"]
+          "heuristic": [
+            "rules/security/S035_path_session_cookies/analyzer.js"
+          ]
         }
       },
       "configPath": "rules/security/S035_path_session_cookies/config.json",
-      "analyzerPath": ["rules/security/S035_path_session_cookies/analyzer.js"]
+      "analyzerPath": [
+        "rules/security/S035_path_session_cookies/analyzer.js"
+      ]
     },
     "S036": {
       "name": "No Unsafe File Include",
       "description": "Prevent unsafe file inclusion vulnerabilities",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "eslint",
       "eslintRule": "custom/typescript_s036",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "file-inclusion", "path-traversal"]
+      "tags": [
+        "security",
+        "file-inclusion",
+        "path-traversal"
+      ]
     },
     "S037": {
       "name": "Configure comprehensive cache headers to prevent sensitive data leakage",
       "description": "Configure comprehensive cache headers (Cache-Control: no-store, no-cache, must-revalidate, Pragma: no-cache, Expires: 0) for sensitive responses to avoid caching sensitive data in browsers or intermediaries.",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S037_cache_headers/analyzer.js",
       "config": "./rules/security/S037_cache_headers/config.json",
       "version": "1.0.0",
       "status": "experimental",
-      "tags": ["security", "caching", "headers", "privacy"],
+      "tags": [
+        "security",
+        "caching",
+        "headers",
+        "privacy"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": { "ast": 90, "regex": 75 }
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 90,
+          "regex": 75
+        }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S037_cache_headers/analyzer.js"]
+        "heuristic": [
+          "rules/security/S037_cache_headers/analyzer.js"
+        ]
       }
     },
     "S038": {
@@ -1167,19 +2625,35 @@
       "description": "Prevent exposure of server version information through response headers (Server, X-Powered-By, X-AspNet-Version, etc.) to reduce information disclosure and potential attack vectors.",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S038_no_version_headers/analyzer.js",
       "config": "./rules/security/S038_no_version_headers/config.json",
       "version": "1.0.0",
       "status": "experimental",
-      "tags": ["security", "information-disclosure", "version", "headers"],
+      "tags": [
+        "security",
+        "information-disclosure",
+        "version",
+        "headers"
+      ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": { "ast": 90, "regex": 75 }
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
+        "accuracy": {
+          "ast": 90,
+          "regex": 75
+        }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S038_no_version_headers/analyzer.js"]
+        "heuristic": [
+          "rules/security/S038_no_version_headers/analyzer.js"
+        ]
       }
     },
     "S039": {
@@ -1187,7 +2661,10 @@
       "description": "Detects when session tokens, authentication tokens, JWT tokens, or other sensitive authentication data are passed as URL parameters instead of secure headers or request body. URL parameters are logged in web server logs, browser history, and can be exposed in referrer headers.",
       "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "analyzer": "./rules/security/S039_no_session_tokens_in_url/analyzer.js",
       "config": "./rules/security/S039_no_session_tokens_in_url/config.json",
       "version": "1.0.0",
@@ -1200,304 +2677,48 @@
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": { "ast": 85, "regex": 70 }
-      },
-      "engineMappings": {
-        "heuristic": [
-          "rules/security/S039_no_session_tokens_in_url/analyzer.js"
-        ]
-      }
-    },
-    "S041": {
-      "name": "Session Tokens must be invalidated after logout or expiration",
-      "description": "Session tokens must be properly invalidated after logout or expiration to prevent session hijacking and unauthorized access. This includes clearing session data, invalidating JWT tokens, and ensuring proper session cleanup.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S041_session_token_invalidation/analyzer.js",
-      "config": "./rules/security/S041_session_token_invalidation/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "session", "token", "logout", "invalidation", "owasp"],
-      "strategy": {
-        "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": {
-          "ast": 95,
-          "regex": 85
-        }
-      },
-      "engineMappings": {
-        "heuristic": ["rules/security/S041_session_token_invalidation/analyzer.js"]
-      }
-    },
-    "S042": {
-      "name": "Require Periodic Reauthentication",
-      "description": "Require periodic re-authentication for sensitive operations",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S042_require_re_authentication_for_long_lived/analyzer.js",
-      "config": "./rules/security/S042_require_re_authentication_for_long_lived/config.json",
-      "eslintRule": "custom/typescript_s042",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "authentication", "periodic"]
-    },
-    "S043": {
-      "name": "Terminate Sessions on Password Change",
-      "description": "Terminate all sessions when password changes",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S043_password_changes_invalidate_all_sessions/analyzer.js",
-      "config": "./rules/security/S043_password_changes_invalidate_all_sessions/config.json",
-      "eslintRule": "custom/typescript_s043",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "session", "password"]
-    },
-    "S044": {
-      "name": "Re-authentication Required for Sensitive Operations",
-      "description": "Require re-authentication before performing sensitive operations such as password changes, email changes, profile updates, and other critical account modifications. This prevents unauthorized access to sensitive account functions even if a session is compromised.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S044_re_authentication_required/analyzer.js",
-      "config": "./rules/security/S044_re_authentication_required/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "authentication", "re-authentication", "sensitive-operations", "owasp"],
-      "strategy": {
-        "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
-        "accuracy": {
-          "ast": 95,
-          "regex": 85
-        }
-      },
-      "engineMappings": {
-        "heuristic": ["rules/security/S044_re_authentication_required/analyzer.js"]
-      }
-    },
-    "S045": {
-      "name": "Brute-force Protection",
-      "description": "Implement protection against brute-force attacks on authentication endpoints. This rule detects missing rate limiting, account lockout mechanisms, and other brute-force protection measures in authentication flows.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S045_brute_force_protection/analyzer.js",
-      "config": "./rules/security/S045_brute_force_protection/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "authentication", "brute-force", "rate-limiting", "owasp"],
-      "strategy": {
-        "preferred": "heuristic",
-        "fallbacks": ["heuristic"],
-        "accuracy": {
-          "heuristic": 95
-        }
-      },
-      "engineMappings": {
-        "heuristic": "rules/security/S045_brute_force_protection/analyzer.js"
-      }
-    },
-    "S046": {
-      "name": "Secure Notification on Auth Change",
-      "description": "Require secure notification on authentication changes",
-      "category": "security",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s046",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "notification", "authentication"]
-    },
-    "S047": {
-      "name": "Secure Random Password Generation",
-      "description": "Require secure and random initial password generation",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s047",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "password", "random"]
-    },
-    "S048": {
-      "name": "Password Credential Recovery",
-      "description": "Secure password credential recovery process",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s048",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "password", "recovery"]
-    },
-    "S049": {
-      "name": "Authentication tokens should have short validity periods",
-      "description": "Authentication tokens (JWT, session tokens, etc.) should have appropriately short validity periods to minimize the risk of token compromise. Long-lived tokens increase the attack surface and potential impact of token theft.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S049_short_validity_tokens/analyzer.js",
-      "config": "./rules/security/S049_short_validity_tokens/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": [
-        "security",
-        "authentication",
-        "tokens",
-        "jwt",
-        "session",
-        "owasp"
-      ],
-      "strategy": {
-        "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
-          "ast": 90,
-          "regex": 75
+          "ast": 85,
+          "regex": 70
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/security/S049_short_validity_tokens/analyzer.js"]
-      }
-    },
-    "S050": {
-      "name": "Session Token Weak Hash",
-      "description": "Prevent weak hashing for session tokens",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "eslint",
-      "eslintRule": "custom/typescript_s050",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "session", "hashing"]
-    },
-    "S051": {
-      "name": "Password length policy enforcement (12-64 chars recommended, reject >128)",
-      "description": "Enforce strong password length policies with multi-signal detection. Prevent weak validators, missing limits, and FE/BE mismatches.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S051_password_length_policy/analyzer.js",
-      "config": "./rules/security/S051_password_length_policy/config.json",
-      "eslintRule": "custom/typescript_s051",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "password", "validation", "length", "policy"],
-      "engineMappings": {
-        "eslint": ["custom/typescript_s051"],
         "heuristic": [
-          "./rules/security/S051_password_length_policy/analyzer.js"
+          "rules/security/S039_no_session_tokens_in_url/analyzer.js"
         ]
       }
     },
-    "C065": {
-      "name": "One Behavior per Test (AAA Pattern)",
-      "description": "Enforce single behavior testing - each test should verify exactly one action/behavior with clear Arrange-Act-Assert structure",
-      "category": "common",
-      "severity": "warning",
-      "languages": [
-        "typescript",
-        "javascript",
-        "java",
-        "csharp",
-        "swift",
-        "kotlin",
-        "python"
-      ],
-      "analyzer": "./rules/common/C065_one_behavior_per_test/analyzer.js",
-      "config": "./rules/common/C065_one_behavior_per_test/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["testing", "aaa", "behavior", "maintainability", "clarity"],
-      "engineMappings": {
-        "heuristic": ["./rules/common/C065_one_behavior_per_test/analyzer.js"]
-      }
-    },
-    "S052": {
-      "name": "OTP must have ≥20-bit entropy (≥6 digits) and use CSPRNG",
-      "description": "Prevent guessable OTP by enforcing CSPRNG and minimal entropy. Ban non-crypto RNG and too-short codes.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S052_weak_otp_entropy/analyzer.js",
-      "config": "./rules/security/S052_weak_otp_entropy/config.json",
-      "eslintRule": "custom/typescript_s052",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "otp", "entropy", "csprng"],
-      "engines": {
-        "eslint": ["custom/typescript_s052"],
-        "heuristic": ["./rules/security/S052_weak_otp_entropy/analyzer.js"]
-      }
-    },
-    "S054": {
-      "name": "Disallow Default/Built-in Accounts (admin/root/sa/...)",
-      "description": "Prevent use of default or shared accounts. Enforce per-user identities, initial password change, and disabling well-known built-ins.",
+    "S041": {
+      "name": "Session Tokens must be invalidated after logout or expiration",
+      "description": "Session tokens must be properly invalidated after logout or expiration to prevent session hijacking and unauthorized access. This includes clearing session data, invalidating JWT tokens, and ensuring proper session cleanup.",
       "category": "security",
       "severity": "error",
       "languages": [
         "typescript",
-        "javascript",
-        "sql",
-        "terraform",
-        "yaml",
-        "dockerfile",
-        "all"
+        "javascript"
       ],
-      "analyzer": "./rules/security/S054_no_default_accounts/analyzer.js",
-      "config": "./rules/security/S054_no_default_accounts/config.json",
-      "eslintRule": "custom/typescript_s054",
+      "analyzer": "./rules/security/S041_session_token_invalidation/analyzer.js",
+      "config": "./rules/security/S041_session_token_invalidation/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
         "security",
-        "accounts",
-        "default",
-        "authentication",
-        "authorization"
+        "session",
+        "token",
+        "logout",
+        "invalidation",
+        "owasp"
       ],
-      "engines": {
-        "eslint": ["custom/typescript_s054"],
-        "heuristic": ["./rules/security/S054_no_default_accounts/analyzer.js"]
-      }
-    },
-    "S055": {
-      "name": "REST Content-Type Verification",
-      "description": "Verify incoming Content-Type in REST API endpoints",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S055_content_type_validation/analyzer.js",
-      "config": "./rules/security/S055_content_type_validation/config.json",
-      "eslintRule": "custom/typescript_s055",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "rest", "content-type"]
-    },
-    "S056": {
-      "name": "Protect against Log Injection attacks",
-      "description": "Protect against Log Injection attacks. Log injection occurs when user-controlled data is written to log files without proper sanitization, potentially allowing attackers to manipulate log entries, inject malicious content, or exploit log processing systems.",
-      "category": "security",
-      "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S056_log_injection_protection/analyzer.js",
-      "config": "./rules/security/S056_log_injection_protection/config.json",
-      "version": "1.0.0",
-      "status": "stable",
-      "tags": ["security", "logging", "injection", "owasp", "crlf"],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast", "regex"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
           "ast": 95,
           "regex": 85
@@ -1505,374 +2726,439 @@
       },
       "engineMappings": {
         "heuristic": [
-          "rules/security/S056_log_injection_protection/analyzer.js"
+          "rules/security/S041_session_token_invalidation/analyzer.js"
         ]
       }
     },
-    "S057": {
-      "name": "Log with UTC Timestamps",
-      "description": "Ensure all logs use synchronized UTC time with ISO 8601/RFC3339 format to avoid timezone discrepancies across systems",
+    "S042": {
+      "name": "Require Periodic Reauthentication",
+      "description": "Require periodic re-authentication for sensitive operations",
       "category": "security",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S057_utc_logging/analyzer.js",
-      "config": "./rules/security/S057_utc_logging/config.json",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S042_require_re_authentication_for_long_lived/analyzer.js",
+      "config": "./rules/security/S042_require_re_authentication_for_long_lived/config.json",
+      "eslintRule": "custom/typescript_s042",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "logging", "timezone", "utc"],
-      "engineMappings": {
-        "eslint": ["custom/typescript_s057"],
-        "heuristic": ["./rules/security/S057_utc_logging/analyzer.js"]
-      }
+      "tags": [
+        "security",
+        "authentication",
+        "periodic"
+      ]
     },
-    "S058": {
-      "name": "No SSRF (Server-Side Request Forgery)",
-      "description": "Prevent SSRF attacks by validating URLs from user input before making HTTP requests",
+    "S043": {
+      "name": "Terminate Sessions on Password Change",
+      "description": "Terminate all sessions when password changes",
       "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/security/S058_no_ssrf/analyzer.js",
-      "config": "./rules/security/S058_no_ssrf/config.json",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S043_password_changes_invalidate_all_sessions/analyzer.js",
+      "config": "./rules/security/S043_password_changes_invalidate_all_sessions/config.json",
+      "eslintRule": "custom/typescript_s043",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["security", "ssrf", "url-validation", "http-requests"],
-      "engineMappings": {
-        "heuristic": ["./rules/security/S058_no_ssrf/analyzer.js"],
-        "eslint": ["custom/typescript_s058"]
-      }
-    },
-    "C002": {
-      "id": "C002",
-      "name": "Rule C002",
-      "description": "Auto-migrated rule C002 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/no-duplicate-code"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "C003": {
-      "id": "C003",
-      "name": "Rule C003",
-      "description": "Auto-migrated rule C003 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/no-vague-abbreviations"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
+      "tags": [
+        "security",
+        "session",
+        "password"
+      ]
     },
-    "C014": {
-      "name": "Dependency Injection Pattern",
-      "description": "Use Dependency Injection instead of direct instantiation in business logic. Increases testability and reduces coupling.",
-      "category": "design",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/common/C014_dependency_injection/analyzer.js",
-      "config": "./rules/common/C014_dependency_injection/config.json",
+    "S044": {
+      "name": "Re-authentication Required for Sensitive Operations",
+      "description": "Require re-authentication before performing sensitive operations such as password changes, email changes, profile updates, and other critical account modifications. This prevents unauthorized access to sensitive account functions even if a session is compromised.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S044_re_authentication_required/analyzer.js",
+      "config": "./rules/security/S044_re_authentication_required/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
-        "design",
-        "dependency-injection",
-        "testability",
-        "coupling",
-        "SOLID"
+        "security",
+        "authentication",
+        "re-authentication",
+        "sensitive-operations",
+        "owasp"
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": [],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
-          "ast": 95
-        },
-        "requirements": {
-          "ast": {
-            "semanticEngine": true,
-            "description": "C014 requires symbol-based analysis for accurate dependency injection pattern detection"
-          }
+          "ast": 95,
+          "regex": 85
         }
       },
       "engineMappings": {
-        "eslint": [
-          "no-new",
-          "no-new-wrappers",
-          "@typescript-eslint/no-unnecessary-constructor"
+        "heuristic": [
+          "rules/security/S044_re_authentication_required/analyzer.js"
         ]
       }
     },
-    "C017": {
-      "id": "C017",
-      "name": "Rule C017",
-      "description": "Auto-migrated rule C017 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "./rules/common/C017_constructor_logic/analyzer.js",
-      "config": "./rules/common/C017_constructor_logic/config.json",
+    "S045": {
+      "name": "Brute-force Protection",
+      "description": "Implement protection against brute-force attacks on authentication endpoints. This rule detects missing rate limiting, account lockout mechanisms, and other brute-force protection measures in authentication flows.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S045_brute_force_protection/analyzer.js",
+      "config": "./rules/security/S045_brute_force_protection/config.json",
       "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/limit-constructor-logic"]
-      },
+      "status": "stable",
+      "tags": [
+        "security",
+        "authentication",
+        "brute-force",
+        "rate-limiting",
+        "owasp"
+      ],
       "strategy": {
-        "preferred": "semantic",
-        "fallbacks": ["semantic", "ast", "regex"],
+        "preferred": "heuristic",
+        "fallbacks": [
+          "heuristic"
+        ],
         "accuracy": {
-          "semantic": 95,
-          "ast": 85,
-          "regex": 70
+          "heuristic": 95
         }
-      }
-    },
-    "C030": {
-      "id": "C030",
-      "name": "Rule C030",
-      "description": "Auto-migrated rule C030 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/use-custom-error-classes"]
       },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "C042": {
-      "id": "C042",
-      "name": "Rule C042",
-      "description": "Auto-migrated rule C042 from ESLint mapping",
-      "category": "general",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
       "engineMappings": {
-        "eslint": ["custom/boolean-name-prefix"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
+        "heuristic": "rules/security/S045_brute_force_protection/analyzer.js"
       }
     },
-    "C047": {
-      "id": "C047",
-      "name": "Rule C047",
-      "description": "Auto-migrated rule C047 from ESLint mapping",
-      "category": "general",
+    "S046": {
+      "name": "Secure Notification on Auth Change",
+      "description": "Require secure notification on authentication changes",
+      "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s046",
       "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/no-duplicate-retry-logic"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "C048": {
-      "name": "Do not bypass architectural layers (controller/service/repository)",
-      "description": "Maintain a clear layered architecture, ensuring logic and data flow are well-structured and maintainable.",
-      "category": "naming",
-      "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C048_no_bypass_architectural_layers/analyzer.js",
-      "config": "./rules/common/C048_no_bypass_architectural_layers/config.json",
+      "status": "stable",
+      "tags": [
+        "security",
+        "notification",
+        "authentication"
+      ]
+    },
+    "S047": {
+      "name": "Secure Random Password Generation",
+      "description": "Require secure and random initial password generation",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s047",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
-      "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
-      }
+      "tags": [
+        "security",
+        "password",
+        "random"
+      ]
     },
-    "C052": {
-      "name": "Parsing or data transformation logic must be separated from controllers",
-      "description": "Enforce separation of concerns — controllers should only handle requests and delegate processing, improving testability, maintainability, and reuse.",
-      "category": "naming",
-      "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C052_parsing_or_data_transformation/analyzer.js",
-      "config": "./rules/common/C052_parsing_or_data_transformation/config.json",
+    "S048": {
+      "name": "Password Credential Recovery",
+      "description": "Secure password credential recovery process",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s048",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["naming", "domain", "readability"],
-      "engineMappings": {
-        "eslint": ["@typescript-eslint/naming-convention", "camelcase"]
-      }
+      "tags": [
+        "security",
+        "password",
+        "recovery"
+      ]
     },
-    "C067": {
-      "name": "No Hardcoded Configuration",
-      "description": "Improve configurability, reduce risk when changing environments, and make configuration management flexible and maintainable.",
-      "category": "configuration",
-      "severity": "warning",
-      "languages": ["typescript", "javascript", "dart", "kotlin"],
-      "analyzer": "./rules/common/C067_no_hardcoded_config/analyzer.js",
-      "config": "./rules/common/C067_no_hardcoded_config/config.json",
+    "S049": {
+      "name": "Authentication tokens should have short validity periods",
+      "description": "Authentication tokens (JWT, session tokens, etc.) should have appropriately short validity periods to minimize the risk of token compromise. Long-lived tokens increase the attack surface and potential impact of token theft.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S049_short_validity_tokens/analyzer.js",
+      "config": "./rules/security/S049_short_validity_tokens/config.json",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
-        "configuration",
-        "hardcode",
-        "environment",
-        "maintainability",
-        "security"
+        "security",
+        "authentication",
+        "tokens",
+        "jwt",
+        "session",
+        "owasp"
       ],
       "strategy": {
         "preferred": "ast",
-        "fallbacks": ["ast"],
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
-          "ast": 90
+          "ast": 90,
+          "regex": 75
         }
       },
       "engineMappings": {
-        "heuristic": ["rules/common/C067_no_hardcoded_config/analyzer.js"]
+        "heuristic": [
+          "rules/security/S049_short_validity_tokens/analyzer.js"
+        ]
       }
     },
-    "C070": {
-      "name": "No Real Time Tests",
-      "description": "Tests should not depend on real time delays or sleeps. Use fake timers, clock injection, or condition-based waits to improve test reliability and speed.",
-      "category": "testing",
+    "S050": {
+      "name": "Session Token Weak Hash",
+      "description": "Prevent weak hashing for session tokens",
+      "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
-      "analyzer": "../rules/common/C070_no_real_time_tests/regex-analyzer.js",
-      "config": "../rules/common/C070_no_real_time_tests/config.json",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "eslint",
+      "eslintRule": "custom/typescript_s050",
       "version": "1.0.0",
       "status": "stable",
       "tags": [
-        "testing",
-        "flaky-tests",
-        "timing",
-        "fake-timers",
-        "reliability"
+        "security",
+        "session",
+        "hashing"
+      ]
+    },
+    "S051": {
+      "name": "Password length policy enforcement (12-64 chars recommended, reject >128)",
+      "description": "Enforce strong password length policies with multi-signal detection. Prevent weak validators, missing limits, and FE/BE mismatches.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S051_password_length_policy/analyzer.js",
+      "config": "./rules/security/S051_password_length_policy/config.json",
+      "eslintRule": "custom/typescript_s051",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "password",
+        "validation",
+        "length",
+        "policy"
       ],
-      "strategy": {
-        "preferred": "ast",
-        "fallbacks": ["regex"],
-        "accuracy": {
-          "ast": 95,
-          "regex": 88
-        }
-      },
       "engineMappings": {
+        "eslint": [
+          "custom/typescript_s051"
+        ],
         "heuristic": [
-          "../rules/common/C070_no_real_time_tests/regex-analyzer.js"
+          "./rules/security/S051_password_length_policy/analyzer.js"
         ]
       }
     },
-    "C072": {
-      "id": "C072",
-      "name": "Single Test Behavior",
-      "description": "Each test should assert only one behavior",
-      "category": "testing",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
+    "S052": {
+      "name": "OTP must have ≥20-bit entropy (≥6 digits) and use CSPRNG",
+      "description": "Prevent guessable OTP by enforcing CSPRNG and minimal entropy. Ban non-crypto RNG and too-short codes.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S052_weak_otp_entropy/analyzer.js",
+      "config": "./rules/security/S052_weak_otp_entropy/config.json",
+      "eslintRule": "custom/typescript_s052",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["testing", "unit-test", "single-behavior"],
-      "engineMappings": {
-        "eslint": ["custom/c072-one-assert-per-test"],
-        "heuristic": ["rules/common/C072_single_test_behavior/analyzer.js"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
+      "tags": [
+        "security",
+        "otp",
+        "entropy",
+        "csprng"
+      ],
+      "engines": {
+        "eslint": [
+          "custom/typescript_s052"
+        ],
+        "heuristic": [
+          "./rules/security/S052_weak_otp_entropy/analyzer.js"
+        ]
       }
     },
-    "C073": {
-      "id": "C073",
-      "name": "Validate Required Configuration on Startup",
-      "description": "C073 - Validate mandatory configuration at startup and fail fast on invalid/missing values",
-      "category": "configuration",
+    "S054": {
+      "name": "Disallow Default/Built-in Accounts (admin/root/sa/...)",
+      "description": "Prevent use of default or shared accounts. Enforce per-user identities, initial password change, and disabling well-known built-ins.",
+      "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript", "java", "go"],
+      "languages": [
+        "typescript",
+        "javascript",
+        "sql",
+        "terraform",
+        "yaml",
+        "dockerfile",
+        "all"
+      ],
+      "analyzer": "./rules/security/S054_no_default_accounts/analyzer.js",
+      "config": "./rules/security/S054_no_default_accounts/config.json",
+      "eslintRule": "custom/typescript_s054",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["configuration", "validation", "startup", "fail-fast"],
-      "engineMappings": {
-        "heuristic": [
-          "rules/common/C073_validate_required_config_on_startup/analyzer.js"
+      "tags": [
+        "security",
+        "accounts",
+        "default",
+        "authentication",
+        "authorization"
+      ],
+      "engines": {
+        "eslint": [
+          "custom/typescript_s054"
         ],
-        "semantic": [
-          "rules/common/C073_validate_required_config_on_startup/symbol-based-analyzer.js"
+        "heuristic": [
+          "./rules/security/S054_no_default_accounts/analyzer.js"
         ]
-      },
+      }
+    },
+    "S055": {
+      "name": "REST Content-Type Verification",
+      "description": "Verify incoming Content-Type in REST API endpoints",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S055_content_type_validation/analyzer.js",
+      "config": "./rules/security/S055_content_type_validation/config.json",
+      "eslintRule": "custom/typescript_s055",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "rest",
+        "content-type"
+      ]
+    },
+    "S056": {
+      "name": "Protect against Log Injection attacks",
+      "description": "Protect against Log Injection attacks. Log injection occurs when user-controlled data is written to log files without proper sanitization, potentially allowing attackers to manipulate log entries, inject malicious content, or exploit log processing systems.",
+      "category": "security",
+      "severity": "error",
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S056_log_injection_protection/analyzer.js",
+      "config": "./rules/security/S056_log_injection_protection/config.json",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": [
+        "security",
+        "logging",
+        "injection",
+        "owasp",
+        "crlf"
+      ],
       "strategy": {
-        "preferred": "semantic",
-        "fallbacks": ["heuristic"],
+        "preferred": "ast",
+        "fallbacks": [
+          "ast",
+          "regex"
+        ],
         "accuracy": {
-          "semantic": 0.9,
-          "heuristic": 0.7
+          "ast": 95,
+          "regex": 85
         }
+      },
+      "engineMappings": {
+        "heuristic": [
+          "rules/security/S056_log_injection_protection/analyzer.js"
+        ]
       }
     },
-    "C075": {
-      "id": "C075",
-      "name": "Rule C075",
-      "description": "Auto-migrated rule C075 from ESLint mapping",
-      "category": "general",
+    "S057": {
+      "name": "Log with UTC Timestamps",
+      "description": "Ensure all logs use synchronized UTC time with ISO 8601/RFC3339 format to avoid timezone discrepancies across systems",
+      "category": "security",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S057_utc_logging/analyzer.js",
+      "config": "./rules/security/S057_utc_logging/config.json",
       "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
+      "status": "stable",
+      "tags": [
+        "security",
+        "logging",
+        "timezone",
+        "utc"
+      ],
       "engineMappings": {
-        "eslint": ["custom/explicit-function-return-types"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
+        "eslint": [
+          "custom/typescript_s057"
+        ],
+        "heuristic": [
+          "./rules/security/S057_utc_logging/analyzer.js"
+        ]
       }
     },
-    "C076": {
-      "id": "C076",
-      "name": "Explicit Function Argument Types",
-      "description": "All public functions must declare explicit types for arguments",
-      "category": "type-safety",
+    "S058": {
+      "name": "No SSRF (Server-Side Request Forgery)",
+      "description": "Prevent SSRF attacks by validating URLs from user input before making HTTP requests",
+      "category": "security",
       "severity": "error",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
+      "analyzer": "./rules/security/S058_no_ssrf/analyzer.js",
+      "config": "./rules/security/S058_no_ssrf/config.json",
       "version": "1.0.0",
       "status": "stable",
-      "tags": ["type-safety", "public-api", "explicit-types"],
+      "tags": [
+        "security",
+        "ssrf",
+        "url-validation",
+        "http-requests"
+      ],
       "engineMappings": {
         "heuristic": [
-          "rules/common/C076_explicit_function_types/semantic-analyzer.js"
+          "./rules/security/S058_no_ssrf/analyzer.js"
+        ],
+        "eslint": [
+          "custom/typescript_s058"
         ]
-      },
-      "strategy": {
-        "preferred": "symbol",
-        "fallbacks": ["symbol"],
-        "accuracy": {}
       }
     },
     "T002": {
@@ -1881,16 +3167,25 @@
       "description": "Auto-migrated rule T002 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/interface-prefix-i"]
+        "eslint": [
+          "custom/interface-prefix-i"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1900,16 +3195,25 @@
       "description": "Auto-migrated rule T003 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/ts-ignore-reason"]
+        "eslint": [
+          "custom/ts-ignore-reason"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1919,16 +3223,25 @@
       "description": "Auto-migrated rule T004 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/no-empty-type"]
+        "eslint": [
+          "custom/no-empty-type"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1938,16 +3251,25 @@
       "description": "Auto-migrated rule T007 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/no-fn-in-constructor"]
+        "eslint": [
+          "custom/no-fn-in-constructor"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1957,16 +3279,25 @@
       "description": "Auto-migrated rule T010 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/no-nested-union-tuple"]
+        "eslint": [
+          "custom/no-nested-union-tuple"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1976,16 +3307,25 @@
       "description": "Auto-migrated rule T019 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/no-this-assign"]
+        "eslint": [
+          "custom/no-this-assign"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -1995,16 +3335,25 @@
       "description": "Auto-migrated rule T020 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
-        "eslint": ["custom/no-default-multi-export"]
+        "eslint": [
+          "custom/no-default-multi-export"
+        ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     },
@@ -2014,415 +3363,27 @@
       "description": "Auto-migrated rule T021 from ESLint mapping",
       "category": "typescript",
       "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["custom/limit-nested-generics"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R001": {
-      "id": "R001",
-      "name": "Rule R001",
-      "description": "Auto-migrated rule R001 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": [
-          "react/no-this-in-sfc",
-          "no-param-reassign",
-          "react/function-component-definition",
-          "react/forbid-component-props"
-        ]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R002": {
-      "id": "R002",
-      "name": "Rule R002",
-      "description": "Auto-migrated rule R002 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": [
-          "react-hooks/rules-of-hooks",
-          "react-hooks/exhaustive-deps",
-          "react/no-did-mount-set-state",
-          "react/no-did-update-set-state"
-        ]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R003": {
-      "id": "R003",
-      "name": "Rule R003",
-      "description": "Auto-migrated rule R003 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": [
-          "react/no-direct-mutation-state",
-          "react/jsx-no-constructed-context-values",
-          "react/forbid-dom-props"
-        ]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R004": {
-      "id": "R004",
-      "name": "Rule R004",
-      "description": "Auto-migrated rule R004 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["no-param-reassign", "react/forbid-foreign-prop-types"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R005": {
-      "id": "R005",
-      "name": "Rule R005",
-      "description": "Auto-migrated rule R005 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["react/jsx-no-bind"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R006": {
-      "id": "R006",
-      "name": "Rule R006",
-      "description": "Auto-migrated rule R006 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
+      "languages": [
+        "typescript",
+        "javascript"
+      ],
       "version": "1.0.0",
       "status": "migrated",
-      "tags": ["migrated"],
+      "tags": [
+        "migrated"
+      ],
       "engineMappings": {
         "eslint": [
-          "react/jsx-pascal-case",
-          "react/jsx-uses-react",
-          "react/jsx-uses-vars"
+          "custom/limit-nested-generics"
         ]
       },
       "strategy": {
         "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R007": {
-      "id": "R007",
-      "name": "Rule R007",
-      "description": "Auto-migrated rule R007 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["react-hooks/rules-of-hooks"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R008": {
-      "id": "R008",
-      "name": "Rule R008",
-      "description": "Auto-migrated rule R008 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["react-hooks/rules-of-hooks"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
-        "accuracy": {}
-      }
-    },
-    "R009": {
-      "id": "R009",
-      "name": "Rule R009",
-      "description": "Auto-migrated rule R009 from ESLint mapping",
-      "category": "react",
-      "severity": "warning",
-      "languages": ["typescript", "javascript"],
-      "version": "1.0.0",
-      "status": "migrated",
-      "tags": ["migrated"],
-      "engineMappings": {
-        "eslint": ["react-hooks/rules-of-hooks"]
-      },
-      "strategy": {
-        "preferred": "regex",
-        "fallbacks": ["regex"],
+        "fallbacks": [
+          "regex"
+        ],
         "accuracy": {}
       }
     }
-  },
-  "categories": {
-    "quality": {
-      "name": "Code Quality",
-      "description": "Rules for code quality improvement",
-      "rules": [
-        "C002",
-        "C003",
-        "C006",
-        "C010",
-        "C013",
-        "C014",
-        "C017",
-        "C018",
-        "C023",
-        "C024",
-        "C029",
-        "C030",
-        "C035",
-        "C041",
-        "C042",
-        "C043",
-        "C047",
-        "C048",
-        "C052",
-        "C065",
-        "C072",
-        "C073",
-        "C075",
-        "T002",
-        "T003",
-        "T004",
-        "T007",
-        "T010",
-        "T019",
-        "T020",
-        "T021",
-        "R001",
-        "R002",
-        "R003",
-        "R004",
-        "R005",
-        "R006"
-      ],
-      "severity": "warning"
-    },
-    "security": {
-      "name": "Security",
-      "description": "Rules for security best practices",
-      "rules": [
-        "S001",
-        "S002",
-        "S003",
-        "S005",
-        "S006",
-        "S007",
-        "S008",
-        "S009",
-        "S010",
-        "S011",
-        "S012",
-        "S013",
-        "S014",
-        "S015",
-        "S016",
-        "S017",
-        "S018",
-        "S019",
-        "S020",
-        "S022",
-        "S023",
-        "S024",
-        "S025",
-        "S026",
-        "S027",
-        "S029",
-        "S030",
-        "S031",
-        "S032",
-        "S033",
-        "S034",
-        "S035",
-        "S036",
-        "S037",
-        "S038",
-        "S039",
-        "S041",
-        "S042",
-        "S043",
-        "S044",
-        "S045",
-        "S046",
-        "S047",
-        "S048",
-        "S050",
-        "S051",
-        "S052",
-        "S054",
-        "S055",
-        "S056",
-        "S057",
-        "S058"
-      ],
-      "severity": "error"
-    },
-    "logging": {
-      "name": "Logging Standards",
-      "description": "Rules related to logging practices",
-      "rules": ["C019", "S057"],
-      "severity": "warning"
-    },
-    "naming": {
-      "name": "Naming Conventions",
-      "description": "Rules for consistent naming patterns",
-      "rules": ["C006"],
-      "severity": "warning"
-    },
-    "design": {
-      "name": "Design Principles",
-      "description": "Rules for software design best practices",
-      "rules": ["C006"],
-      "severity": "warning"
-    },
-    "validation": {
-      "name": "Data Validation",
-      "description": "Rules for proper data validation practices",
-      "rules": ["C031", "S018", "S025", "S026"],
-      "severity": "error"
-    },
-    "architecture": {
-      "name": "Architecture Guidelines",
-      "description": "Rules for system architecture best practices",
-      "rules": ["C014", "C033"],
-      "severity": "error"
-    }
-  },
-  "presets": {
-    "recommended": {
-      "name": "Recommended Rules",
-      "description": "Essential rules for code quality",
-      "rules": {
-        "C019": "warning",
-        "C006": "warning",
-        "C029": "error",
-        "C031": "error"
-      }
-    },
-    "strict": {
-      "name": "Strict Rules",
-      "description": "All rules with maximum enforcement",
-      "rules": {
-        "C019": "error",
-        "C006": "error",
-        "C029": "error",
-        "C031": "error"
-      }
-    },
-    "beginner": {
-      "name": "Beginner Friendly",
-      "description": "Basic rules for learning",
-      "rules": {
-        "C019": "info",
-        "C006": "warning",
-        "C029": "warning"
-      }
-    }
-  },
-  "languages": {
-    "typescript": {
-      "extensions": [".ts", ".tsx"],
-      "analyzer": "ast",
-      "parser": "@typescript-eslint/parser"
-    },
-    "javascript": {
-      "extensions": [".js", ".jsx"],
-      "analyzer": "ast",
-      "parser": "@typescript-eslint/parser"
-    },
-    "dart": {
-      "extensions": [".dart"],
-      "analyzer": "pattern",
-      "parser": "regex"
-    },
-    "kotlin": {
-      "extensions": [".kt", ".kts"],
-      "analyzer": "ast",
-      "parser": "kotlin-parser"
-    }
-  },
-  "metadata": {
-    "version": "1.1.7",
-    "lastUpdated": "2025-08-25",
-    "totalRules": 98,
-    "qualityRules": 33,
-    "securityRules": 51,
-    "stableRules": 45,
-    "experimentalRules": 1,
-    "supportedLanguages": 4,
-    "features": [
-      "Security rules integration",
-      "Category-based rule filtering",
-      "Dynamic rule configuration",
-      "ESLint 9.x integration",
-      "React rules integration",
-      "Memory leak fixes",
-      "S032 HttpOnly session cookies"
-    ],
-    "consolidatedFrom": "/Users/bach.ngoc.hoai/Docs/ee/coding-quality/extensions/sunlint/config/rules/rules-registry.json"
   }
 }