npm - @sun-asterisk/sunlint - Versions diffs - 1.3.40 → 1.3.41 - Mend

@sun-asterisk/sunlint 1.3.40 → 1.3.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/core/rule-selection-service.js CHANGED Viewed

@@ -126,6 +126,17 @@ class RuleSelectionService {
       }
     }
+    // Filter out disabled rules from config (rules set to 'off', false, or 0)
+    const disabledRules = new Set(
+      Object.entries(allRules)
+        .filter(([, value]) => value === 'off' || value === false || value === 0)
+        .map(([ruleId]) => ruleId)
+    );
+    if (disabledRules.size > 0) {
+      selectedRules = selectedRules.filter(ruleId => !disabledRules.has(ruleId));
+    }
     // Convert to rule objects
     return selectedRules.map(ruleId => {
       const adapterRule = this.ruleAdapter.getRuleById(ruleId);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.40",
+  "version": "1.3.41",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/skill-assets/sunlint-code-quality/rules/go/C006-verb-noun-functions.md ADDED Viewed

@@ -0,0 +1,45 @@
+---
+title: Function Names Verb-Noun
+impact: LOW
+impactDescription: makes code self-documenting
+tags: naming, functions, readability, conventions, quality
+---
+## Function Names Verb-Noun
+Functions do things. Action verbs make purpose clear.
+**Incorrect (vague names):**
+```go
+func user() { }           // Noun only
+func userData() { }       // Noun only
+func doSomething() { }    // Vague
+func handleStuff() { }    // Vague
+func manager() { }        // Noun only
+```
+**Correct (action verbs):**
+```go
+func GetUser() { }
+func CreateUserAccount() { }
+func ValidateEmailFormat() { }
+func CalculateTotalPrice() { }
+func SendConfirmationEmail() { }
+func ConvertCurrencyToUSD() { }
+```
+**Verb categories:**
+| Category | Verbs |
+|----------|-------|
+| Retrieval | `Get`, `Fetch`, `Find`, `Load`, `Query` |
+| Creation | `Create`, `Build`, `Make`, `Generate` |
+| Modification | `Set`, `Update`, `Modify`, `Change` |
+| Deletion | `Delete`, `Remove`, `Destroy`, `Clear` |
+| Validation | `Validate`, `Verify`, `Check`, `Ensure` |
+| Computation | `Calculate`, `Compute`, `Parse`, `Format` |
+| Boolean | `Is`, `Has`, `Can`, `Should`, `Will` |
+**Tools:** PR review, GolangCI-Lint

package/skill-assets/sunlint-code-quality/rules/go/C013-no-dead-code.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+title: Do Not Use Dead Code
+impact: LOW
+impactDescription: reduces codebase noise and maintenance burden
+tags: dead-code, cleanup, maintenance, quality
+---
+## Do Not Use Dead Code
+Dead code confuses readers and increases cognitive load. Git history preserves deleted code.
+**Incorrect (keeping dead code):**
+```go
+func ProcessOrder(order *Order) float64 {
+	// Old implementation - keeping for reference
+	// total := 0.0
+	// for _, item := range order.Items {
+	// 	total += item.Price * float64(item.Quantity)
+	// }
+	// return total
+	total := calculateTotal(order)
+	return total
+}
+// Unused function - someone might need it later
+func legacyCalculation() { }
+```
+**Correct (clean code):**
+```go
+func ProcessOrder(order *Order) float64 {
+	return calculateTotal(order)
+}
+// Delete unused functions - git history preserves them
+// Delete commented code - git history preserves it
+```
+**Types of dead code:**
+- Commented-out code
+- Unused functions/structs/methods
+- Unreachable code
+- Unused variables (Go compiler will error on these locally, but they may exist in long-lived branches)
+**Tools:** gofmt, govet, staticcheck, GolangCI-Lint

package/skill-assets/sunlint-code-quality/rules/go/C014-dependency-injection.md ADDED Viewed

@@ -0,0 +1,85 @@
+---
+title: Use Dependency Injection
+impact: HIGH
+impactDescription: enables testability and loose coupling
+tags: dependency-injection, testing, coupling, architecture, quality
+---
+## Use Dependency Injection
+Direct instantiation creates tight coupling, making testing difficult and changes risky. DI enables mockability, replaceability, and testability.
+**Incorrect (hardcoded dependencies):**
+```go
+type OrderService struct {
+	db     *PostgresDatabase
+	mailer *SendGridMailer
+}
+func NewOrderService() *OrderService {
+	return &OrderService{
+		db:     NewPostgresDatabase(), // Hardcoded dependency
+		mailer: NewSendGridMailer(),   // Hardcoded dependency
+	}
+}
+func (s *OrderService) CreateOrder(data OrderData) error {
+	order, err := s.db.Insert("orders", data)
+	if err != nil {
+		return err
+	}
+	return s.mailer.Send(data.Email, "Order created")
+}
+```
+**Correct (injected dependencies via interfaces):**
+```go
+type Database interface {
+	Insert(table string, data any) (any, error)
+}
+type Mailer interface {
+	Send(to string, message string) error
+}
+type OrderService struct {
+	db     Database
+	mailer Mailer
+}
+func NewOrderService(db Database, mailer Mailer) *OrderService {
+	return &OrderService{
+		db:     db,
+		mailer: mailer,
+	}
+}
+func (s *OrderService) CreateOrder(data OrderData) error {
+	order, err := s.db.Insert("orders", data)
+	if err != nil {
+		return err
+	}
+	return s.mailer.Send(data.Email, "Order created")
+}
+// Usage
+service := NewOrderService(
+	NewPostgresDatabase(connString),
+	NewSendGridMailer(apiKey),
+)
+// Testing
+mockDb := new(MockDatabase)
+mockMailer := new(MockMailer)
+testService := NewOrderService(mockDb, mockMailer)
+```
+**Benefits:**
+- Easy mocking for unit tests
+- Swappable implementations
+- Clear dependencies visible in constructor/factory
+- Supports interface-based design (accept interfaces, return structs)
+**Tools:** GolangCI-Lint, Manual review

package/skill-assets/sunlint-code-quality/rules/go/C017-no-constructor-logic.md ADDED Viewed

@@ -0,0 +1,67 @@
+---
+title: No Business Logic In Factory Functions
+impact: HIGH
+impactDescription: ensures predictable object initialization
+tags: factory, initialization, side-effects, patterns, quality
+---
+## No Business Logic In Factory Functions
+Factory functions (e.g., `NewService`) should only initialize state. Side effects in factory functions are unexpected and make testing difficult.
+**Incorrect (logic in factory function):**
+```go
+type UserService struct {
+	config Config
+}
+func NewUserService(configPath string) (*UserService, error) {
+	// BAD: Reading files in factory function
+	rawConfig, err := os.ReadFile(configPath)
+	if err != nil {
+		return nil, err
+	}
+	var config Config
+	json.Unmarshal(rawConfig, &config)
+	// BAD: Network calls/API initialization here
+	resp, _ := http.Get("https://api.example.com/init")
+	// BAD: Logging/side effects
+	log.Println("UserService initialized")
+	return &UserService{config: config}, nil
+}
+```
+**Correct (clear separation):**
+```go
+type UserService struct {
+	config     Config
+	httpClient *http.Client
+}
+func NewUserService(config Config, httpClient *http.Client) *UserService {
+	// Only assignment - no side effects
+	return &UserService{
+		config:     config,
+		httpClient: httpClient,
+	}
+}
+// Service initialization in main or a dedicated bootstrapper
+func InitializeApp() {
+	rawConfig, _ := os.ReadFile("./config.json")
+	var config Config
+	json.Unmarshal(rawConfig, &config)
+	httpClient := &http.Client{Timeout: 10 * time.Second}
+	service := NewUserService(config, httpClient)
+	log.Println("UserService ready")
+}
+```
+**Tools:** PR review, Manual review

package/skill-assets/sunlint-code-quality/rules/go/C018-generic-errors.md ADDED Viewed

@@ -0,0 +1,63 @@
+---
+title: Do Not Return Generic Errors
+impact: HIGH
+impactDescription: enables proper error handling and monitoring
+tags: error-handling, custom-errors, debugging, quality
+---
+## Do Not Return Generic Errors
+Generic errors (like `errors.New("error")`) lack context needed for debugging. They make it impossible to distinguish between error types for proper handling.
+**Incorrect (generic errors):**
+```go
+if user == nil {
+	return errors.New("error")
+}
+if !isValid {
+	return fmt.Errorf("invalid")
+}
+```
+**Correct (specific custom errors or sentinel errors):**
+```go
+// Sentinel errors for simple checks
+var ErrUserNotFound = errors.New("user not found")
+func (s *Service) GetUser(id string) (*User, error) {
+	if user == nil {
+		return nil, fmt.Errorf("%w: user with ID %s not found", ErrUserNotFound, id)
+	}
+	return user, nil
+}
+// Custom error types for complex context
+type ValidationError struct {
+	Field   string
+	Message string
+	Value   any
+}
+func (e *ValidationError) Error() string {
+	return fmt.Sprintf("validation failed on %s: %s", e.Field, e.Message)
+}
+if !isValid {
+	return &ValidationError{
+		Field:   "email",
+		Message: "invalid format",
+		Value:   email,
+	}
+}
+```
+Custom errors should include:
+- Descriptive message with context (use `%w` for wrapping)
+- Error codes or types for programmatic handling (using `errors.Is` or `errors.As`)
+- Relevant data for debugging
+- Appropriate mapping to status codes in the transport layer (e.g., HTTP 404)
+**Tools:** GolangCI-Lint (errname, goerr113), Manual review

package/skill-assets/sunlint-code-quality/rules/go/C019-error-log-level.md ADDED Viewed

@@ -0,0 +1,50 @@
+---
+title: Do Not Use Error Log For Non-critical
+impact: HIGH
+impactDescription: prevents alert fatigue and log noise
+tags: logging, log-levels, error, observability, quality
+---
+## Do Not Use Error Log For Non-critical
+Incorrect log levels cause alert fatigue and hide real issues. When everything is an "error", nothing is.
+**Incorrect (overusing error level):**
+```go
+// NOT an error - expected business case
+slog.Error("User entered wrong password")
+// NOT an error - validation failure
+slog.Error("Email format invalid")
+// NOT an error - temporary network issue
+slog.Error("Retry attempt 2 of 5")
+```
+**Correct (appropriate log levels using slog):**
+```go
+// WARN - recoverable, may need attention
+slog.Warn("Payment retry attempt", "attempt", 2, "max_attempts", 5)
+// INFO - normal business events
+slog.Info("Login failed - invalid password", "user_id", userID, "attempts", 3)
+// DEBUG - detailed troubleshooting
+slog.Debug("Validation failed", "field", "email", "value", maskedEmail)
+// ERROR - only for actual system failures
+slog.Error("Database connection lost", "host", dbHost, "error", err)
+```
+**Log Level Guide:**
+| Level | Use For |
+|-------|---------|
+| ERROR | System failures, crashes, unrecoverable |
+| WARN  | Potential issues, degraded performance |
+| INFO  | Business events, state changes |
+| DEBUG | Detailed troubleshooting |
+**Tools:** Log linter, Custom rule, `slog` (standard library)

package/skill-assets/sunlint-code-quality/rules/go/C020-no-unused-imports.md ADDED Viewed

@@ -0,0 +1,45 @@
+---
+title: No Unused Imports
+impact: LOW
+impactDescription: reduces codebase noise and compilation time
+tags: imports, cleanup, maintenance, quality
+---
+## No Unused Imports
+Unused imports increase binary size and slow down compilation. Go compiler strictly enforces this at compile time.
+**Incorrect (unused imports):**
+```go
+package main
+import (
+	"fmt"
+	"os"     // UNUSED
+	"time"   // UNUSED
+)
+func main() {
+	fmt.Println("Hello")
+}
+```
+**Correct (clean imports):**
+```go
+package main
+import (
+	"fmt"
+)
+func main() {
+	fmt.Println("Hello")
+}
+// Side-effect only imports use the blank identifier
+import _ "net/http/pprof"
+```
+**Tools:** `goimports`, `golines`, Go Compiler (enforced)

package/skill-assets/sunlint-code-quality/rules/go/C022-no-unused-variables.md ADDED Viewed

@@ -0,0 +1,34 @@
+---
+title: No Unused Variables
+impact: LOW
+impactDescription: reduces codebase noise and potential bugs
+tags: variables, cleanup, quality
+---
+## No Unused Variables
+Unused variables clutter the code and often indicate a bug (missing logic). Go compiler strictly enforces this for local variables.
+**Incorrect (unused variables):**
+```go
+func Calculate(a, b int) int {
+	result := a + b
+	temp := result * 2 // UNUSED
+	return result
+}
+```
+**Correct (clean code):**
+```go
+func Calculate(a, b int) int {
+	return a + b
+}
+// If a variable is needed for its side effect but the value is not, use _
+_, err := os.Open("file.txt")
+```
+**Tools:** Go Compiler, `go vet`, GolangCI-Lint (unused)

package/skill-assets/sunlint-code-quality/rules/go/C023-no-duplicate-names.md ADDED Viewed

@@ -0,0 +1,41 @@
+---
+title: No Variable Shadowing
+impact: HIGH
+impactDescription: prevents subtle bugs where inner variables hide outer ones
+tags: variables, shadowing, scope, quality
+---
+## No Variable Shadowing
+Variable shadowing occurs when a variable declared within a certain scope has the same name as a variable in an outer scope. This can lead to subtle and hard-to-debug logic errors.
+**Incorrect (shadowed variables):**
+```go
+func processItems(items []string) {
+    user := "admin"
+    for _, item := range items {
+        user := findUser(item) // Shadowing outer 'user' with :=
+        fmt.Println("Processing for user:", user)
+    }
+    // Outer 'user' is still "admin", which might be unexpected if the loop
+    // was intended to update it.
+}
+```
+**Correct (unique names or explicit assignment):**
+```go
+func processItems(items []string) {
+    globalUser := "admin"
+    for _, item := range items {
+        currentUser := findUser(item)
+        fmt.Println("Processing for user:", currentUser)
+    }
+}
+```
+**Tools:** `go vet -shadow`, GolangCI-Lint (shadow)

package/skill-assets/sunlint-code-quality/rules/go/C024-centralize-constants.md ADDED Viewed

@@ -0,0 +1,55 @@
+---
+title: Centralize Constants
+impact: HIGH
+impactDescription: makes values easy to find and update
+tags: constants, magic-numbers, configuration, quality
+---
+## Centralize Constants
+Magic numbers or strings scattered throughout the code are hard to find and update. Centralizing them improves maintainability.
+**Incorrect (magic numbers/strings):**
+```go
+func ValidateUser(password string) bool {
+	if len(password) < 8 {
+		return false
+	}
+	return true
+}
+func (s *Service) Retry() {
+	for i := 0; i < 3; i++ {
+		// retry logic
+	}
+}
+```
+**Correct (centralized constants):**
+```go
+package constants
+const (
+	MaxRetryAttempts   = 3
+	MinPasswordLength  = 8
+	DefaultTimeoutSecs = 30
+)
+const (
+	StatusPending = iota
+	StatusApproved
+	StatusCancelled
+)
+// Usage
+if len(password) < constants.MinPasswordLength { ... }
+```
+**Benefits:**
+- Single source of truth
+- Self-documenting
+- Easy to update across the entire codebase
+**Tools:** GolangCI-Lint (gocritic, gomnd), Code Review

package/skill-assets/sunlint-code-quality/rules/go/C029-catch-log-root-cause.md ADDED Viewed

@@ -0,0 +1,56 @@
+---
+title: All Error Handling Must Log Root Cause
+impact: HIGH
+impactDescription: enables debugging and incident response
+tags: error-handling, logging, debugging, observability, quality
+---
+## All Error Handling Must Log Root Cause
+Silent failures make debugging impossible. Without proper logging, you cannot trace issues in production.
+**Incorrect (silent or minimal logging):**
+```go
+func processPayment(order order.Order) {
+    err := paymentGateway.Charge(order)
+    if err != nil {
+        // Silent failure!
+        return
+    }
+}
+func saveUser(user *User) error {
+    if err := db.Save(user); err != nil {
+        return nil // No logging, no context
+    }
+    return nil
+}
+```
+**Correct (comprehensive error logging/wrapping):**
+```go
+func processPayment(ctx context.Context, order order.Order) error {
+    if err := paymentGateway.Charge(order); err != nil {
+        slog.Error("payment processing failed",
+            "order_id", order.ID,
+            "user_id", order.UserID,
+            "amount", order.Amount,
+            "error", err,
+            "request_id", ctx.Value("request_id"),
+        )
+        return fmt.Errorf("charging order %s: %w", order.ID, err)
+    }
+    return nil
+}
+```
+**Log context should include:**
+- Error message (and stack trace if available)
+- Relevant entity IDs (order, user, etc.)
+- Request/correlation ID
+- Input that caused the error
+- Timing information
+**Tools:** GolangCI-Lint, PR review, `slog`

package/skill-assets/sunlint-code-quality/rules/go/C030-custom-error-classes.md ADDED Viewed

@@ -0,0 +1,69 @@
+---
+title: Use Custom Error Types
+impact: HIGH
+impactDescription: enables proper error categorization and handling
+tags: error-handling, custom-errors, patterns, quality
+---
+## Use Custom Error Types
+Custom error types enable proper error handling, categorization, and monitoring. They provide clear contracts for API consumers.
+**Incorrect (generic errors):**
+```go
+return errors.New("user not found")
+return errors.New("invalid input")
+return errors.New("database connection failed")
+```
+**Correct (custom error structs):**
+```go
+// Base application error type can be useful but Go often uses simple structs
+type AppError struct {
+    Code       string
+    Message    string
+    StatusCode int
+    Context    map[string]any
+}
+func (e *AppError) Error() string {
+    return e.Message
+}
+// Specific errors
+type UserNotFoundError struct {
+    UserID string
+}
+func (e UserNotFoundError) Error() string {
+    return fmt.Sprintf("user %s not found", e.UserID)
+}
+type ValidationError struct {
+    Field   string
+    Message string
+}
+func (e ValidationError) Error() string {
+    return fmt.Sprintf("validation error on %s: %s", e.Field, e.Message)
+}
+// Usage
+return UserNotFoundError{UserID: "123"}
+return ValidationError{Field: "email", Message: "invalid format"}
+// Handling
+if errors.As(err, &UserNotFoundError{}) {
+    // handle 404
+}
+```
+**Benefits:**
+- Type-safe error handling using `errors.As`
+- Automatic HTTP status mapping
+- Structured error context
+- Consistent error format
+**Tools:** GolangCI-Lint, Code Convention