@sun-asterisk/sunlint 1.3.44 → 1.3.46

package/core/cli-action-handler.js

@@ -406,6 +406,7 @@ class CliActionHandler {
    */
   getPresetName() {
     if (this.options.all) return 'all preset';
+    if (this.options.specific) return 'language-specific preset';
     if (this.options.quality) return 'quality preset';
     if (this.options.security) return 'security preset';
     if (this.options.category) return `${this.options.category} preset`;
@@ -505,12 +506,12 @@ class CliActionHandler {
   handleExit(results) {
     if (this.options.noExit) return;
 
-    // Check if any violations were found
-    const hasViolations = results.results?.some(result =>
-      result.violations && result.violations.length > 0
+    // Only fail on errors, not warnings (ESLint-compatible behavior)
+    const hasErrors = results.results?.some(result =>
+      result.violations?.some(v => v.severity === 'error')
     );
 
-    if (hasViolations && this.options.failOnViolations !== false) {
+    if (hasErrors && this.options.failOnViolations !== false) {
       process.exit(1);
     } else {
       process.exit(0);
@@ -525,6 +526,7 @@ class CliActionHandler {
     return this.options.architecture &&
       !this.options.impact &&
       !this.options.all &&
+      !this.options.specific &&
       !this.options.rule &&
       !this.options.rules &&
       !this.options.quality &&
@@ -540,6 +542,7 @@ class CliActionHandler {
     return this.options.impact &&
       !this.options.architecture &&
       !this.options.all &&
+      !this.options.specific &&
       !this.options.rule &&
       !this.options.rules &&
       !this.options.quality &&

package/core/cli-program.js

@@ -22,6 +22,7 @@ function createCliProgram() {
     .option('--rules <rules>', 'Run multiple rules (comma-separated)')
     .option('-a, --all', 'Run all available rules')
     .option('-c, --category <category>', 'Run rules by category (quality, security, logging, naming)')
+    .option('-s, --specific', 'Run language-specific rules (requires --languages)')
     .option('--quality', 'Run all code quality rules')
     .option('--security', 'Run all secure coding rules');
 
@@ -108,6 +109,12 @@ Examples:
   sunlint --quality --input=src                # Quality rules only
   sunlint --security --input=src               # Security rules only
 
+Language-Specific:
+  sunlint --specific --languages=dart --input=lib           # Dart rules only
+  sunlint --specific --languages=kotlin --input=app/src     # Kotlin rules only
+  sunlint --specific --languages=dart,kotlin --input=.      # Dart + Kotlin rules
+  sunlint --all --languages=dart --input=lib                # All rules + Dart rules
+
 Git Integration:
   sunlint --all --changed-files --input=.      # Changed files only
   sunlint --all --staged-files --input=.       # Staged files only

package/core/output-service.js

@@ -273,10 +273,10 @@ class OutputService {
           if (result.ruleId) {
             result.violations.forEach(violation => {
               if (isValidViolation(violation)) {
-                allViolations.push(violation); // violation already has file path
+                allViolations.push(violation);
               }
             });
-          } 
+          }
           // Handle file-based format (legacy)
           else {
             result.violations.forEach(violation => {

package/core/output-service.js.debug.js

@@ -0,0 +1 @@
+// temp debug

package/core/rule-selection-service.js

@@ -60,6 +60,48 @@ class RuleSelectionService {
     }
   }
 
+  /**
+   * Collect language-specific rules from ALL versions of released-rules.json
+   * Searches across all versions because the latest version may have empty categories
+   * @param {string[]} languages - Array of language names (e.g., ['dart', 'kotlin'])
+   * @returns {string[]} Array of rule IDs matching the specified languages
+   */
+  collectLanguageSpecificRules(languages) {
+    const { getLanguageFromRuleId } = require('./constants/rules');
+
+    try {
+      if (!fs.existsSync(this.releasedRulesPath)) {
+        return [];
+      }
+
+      const data = JSON.parse(fs.readFileSync(this.releasedRulesPath, 'utf8'));
+      const versions = data.versions || [];
+
+      if (versions.length === 0) {
+        return [];
+      }
+
+      const targetLanguages = new Set(languages.map(l => l.toLowerCase()));
+      const matchingRuleIds = new Set();
+
+      for (const versionEntry of versions) {
+        const rulesByCategory = versionEntry.rulesByCategory || {};
+        for (const categoryRules of Object.values(rulesByCategory)) {
+          for (const ruleId of categoryRules) {
+            const ruleLanguage = getLanguageFromRuleId(ruleId);
+            if (ruleLanguage && targetLanguages.has(ruleLanguage)) {
+              matchingRuleIds.add(ruleId);
+            }
+          }
+        }
+      }
+
+      return Array.from(matchingRuleIds);
+    } catch (error) {
+      return [];
+    }
+  }
+
   async selectRules(config, options) {
     // Ensure adapter is initialized
     await this.initialize();
@@ -75,6 +117,22 @@ class RuleSelectionService {
       selectedRules = [options.rule];
     } else if (options.rules) {
       selectedRules = options.rules.split(',').map(r => r.trim());
+    } else if (options.specific) {
+      // --specific requires --languages to determine which language rules to load
+      if (!options.languages) {
+        throw new Error(
+          chalk.red('--specific requires --languages to be specified\n') +
+          chalk.gray('Example: sunlint --specific --languages=dart --input=lib')
+        );
+      }
+      const targetLanguages = options.languages.split(',').map(l => l.trim());
+      selectedRules = this.collectLanguageSpecificRules(targetLanguages);
+
+      if (selectedRules.length === 0) {
+        console.warn(
+          chalk.yellow(`\u26A0\uFE0F  No language-specific rules found for: ${targetLanguages.join(', ')}`)
+        );
+      }
     } else if (options.all) {
       // Load all rules from released-rules.json
       if (releasedRules) {
@@ -89,6 +147,20 @@ class RuleSelectionService {
         // Fallback to preset file
         selectedRules = this.loadPresetRules('all');
       }
+
+      // Augment with language-specific rules when --languages is specified
+      // This handles the case where the latest version has empty categories
+      if (options.languages) {
+        const targetLanguages = options.languages.split(',').map(l => l.trim());
+        const languageRules = this.collectLanguageSpecificRules(targetLanguages);
+        const existingRuleSet = new Set(selectedRules);
+
+        for (const ruleId of languageRules) {
+          if (!existingRuleSet.has(ruleId)) {
+            selectedRules.push(ruleId);
+          }
+        }
+      }
     } else if (options.quality) {
       // Load Common rules from released-rules.json
       if (releasedRules && releasedRules.Common) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.44",
+  "version": "1.3.46",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C006_function_naming/typescript/analyzer.js

@@ -669,8 +669,7 @@ class SmartC006Analyzer {
 
   getSeverityFromConfidence(confidence) {
     if (confidence >= this.confidenceThresholds.HIGH) return 'warning';
-    if (confidence >= this.confidenceThresholds.MEDIUM) return 'info';
-    return 'hint';
+    return 'warning';
   }
 }
 

package/rules/common/C017_constructor_logic/typescript/symbol-based-analyzer.js

@@ -299,7 +299,7 @@ class C017SymbolBasedAnalyzer {
 
         violations.push({
           ruleId: this.ruleId,
-          severity: 'info',
+          severity: 'warning',
           message: 'Constructor contains logging - side effects should be avoided',
           source: this.ruleId,
           file: filePath,

package/rules/common/C019_log_level_usage/typescript/system-log-analyzer.js

@@ -581,7 +581,7 @@ class C019SystemLogAnalyzer {
           filePath: filePath,
           line: logs[0].position.line,
           column: logs[0].position.column,
-          severity: 'info',
+          severity: 'warning',
           category: 'performance',
           confidence: this.config.overusedLogPatterns.hot_path_over_logging.confidence,
           suggestion: this.config.overusedLogPatterns.hot_path_over_logging.suggestion,
@@ -697,7 +697,7 @@ class C019SystemLogAnalyzer {
             filePath: filePath,
             line: log2.position.line,
             column: log2.position.column,
-            severity: 'info',
+            severity: 'warning',
             category: 'maintainability',
             confidence: this.config.redundancyPatterns.duplicate_log_events.confidence,
             suggestion: this.config.redundancyPatterns.duplicate_log_events.suggestion,

package/rules/common/C021_import_organization/typescript/ts-morph-analyzer.js

@@ -234,7 +234,7 @@ class C021TsMorphAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             message: `Import group "${misplacedGroup}" should come ${this.getOrderMessage(misplacedGroup, expectedFiltered, i)}`,
-            severity: 'info',
+            severity: 'warning',
             location: {
               start: {
                 line: imports[0].line,
@@ -289,7 +289,7 @@ class C021TsMorphAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             message: `Import "${current}" should come after "${next}" (alphabetical order within ${groupName} group)`,
-            severity: 'info',
+            severity: 'warning',
             location: {
               start: {
                 line: imports[i].line,
@@ -345,7 +345,7 @@ class C021TsMorphAnalyzer {
         violations.push({
           ruleId: this.ruleId,
           message: `Missing blank line between "${nonEmptyGroups[i]}" and "${nonEmptyGroups[i + 1]}" import groups`,
-          severity: 'info',
+          severity: 'warning',
           location: {
             start: {
               line: lastLine,

package/rules/common/C024_no_scatter_hardcoded_constants/typescript/symbol-based-analyzer.js

@@ -388,7 +388,7 @@ class C024SymbolBasedAnalyzer {
   createViolation(node, sourceFile, message, type, value) {
     return {
       ruleId: this.ruleId,
-      severity: 'medium',
+      severity: 'warning',
       message: message,
       source: this.ruleId,
       file: sourceFile.getFilePath(),

package/rules/common/C029_catch_block_logging/typescript/analyzer.js

@@ -654,7 +654,7 @@ class C029Analyzer {
     }
 
     // Low severity violations (recommendations)
-    return 'info';
+    return 'warning';
   }
 }
 

package/rules/common/C040_centralized_validation/typescript/regex-based-analyzer.js

@@ -114,7 +114,7 @@ class C040RegexBasedAnalyzer {
         if (duplicatePatterns.length > 0) {
           violations.push({
             ruleId: this.ruleId,
-            severity: 'info',
+            severity: 'warning',
             message: `Found potentially duplicate validation patterns: ${duplicatePatterns.join(', ')}`,
             file: filePath,
             line: validationMatches[0].line,

package/rules/common/C073_validate_required_config_on_startup/typescript/analyzer.js

@@ -714,7 +714,7 @@ class C073ConfigValidationAnalyzer {
     if (isServiceFile && analysis.envAccess && analysis.envAccess.length > 0) {
       violations.push({
         ruleId: 'C073',
-        severity: 'info',
+        severity: 'warning',
         message: 'Service layer accessing environment variables directly. Consider using dependency injection for configuration.',
         line: analysis.envAccess[0].line || 1,
         column: 1,

package/rules/security/S042_require_re_authentication_for_long_lived/typescript/symbol-based-analyzer.js

@@ -173,7 +173,7 @@ class S042SymbolBasedAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             ruleName: this.ruleName,
-            severity: 'medium',
+            severity: 'warning',
             message: `Session maxAge is too long (${this.formatDuration(sessionConfig.maxAge)}). Consider limiting to 24 hours or less for security.`,
             line: startLine,
             column: node.getStart() - node.getStartLinePos() + 1,
@@ -191,7 +191,7 @@ class S042SymbolBasedAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             ruleName: this.ruleName,
-            severity: 'medium',
+            severity: 'warning',
             message: `Persistent session (Remember Me) enabled without re-authentication requirements for sensitive actions.`,
             line: startLine,
             column: node.getStart() - node.getStartLinePos() + 1,
@@ -209,7 +209,7 @@ class S042SymbolBasedAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             ruleName: this.ruleName,
-            severity: 'medium',
+            severity: 'warning',
             message: `Session configuration missing idle timeout. Consider adding inactivity-based expiration.`,
             line: startLine,
             column: node.getStart() - node.getStartLinePos() + 1,
@@ -420,7 +420,7 @@ class S042SymbolBasedAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             ruleName: this.ruleName,
-            severity: 'high',
+            severity: 'error',
             message: `JWT token created without expiration configuration. Add expiresIn option.`,
             line: startLine,
             column: callExpr.getStart() - callExpr.getStartLinePos() + 1,
@@ -442,7 +442,7 @@ class S042SymbolBasedAnalyzer {
             violations.push({
               ruleId: this.ruleId,
               ruleName: this.ruleName,
-              severity: 'high',
+              severity: 'error',
               message: `JWT token created without expiration time. Tokens should have short expiry (e.g., 1 hour).`,
               line: startLine,
               column: callExpr.getStart() - callExpr.getStartLinePos() + 1,
@@ -463,7 +463,7 @@ class S042SymbolBasedAnalyzer {
               violations.push({
                 ruleId: this.ruleId,
                 ruleName: this.ruleName,
-                severity: 'medium',
+                severity: 'warning',
                 message: `JWT expiration is too long (${this.formatDuration(jwtConfig.expirationValue)}). Access tokens should expire within 1 hour.`,
                 line: startLine,
                 column: jwtConfig.expirationNode.getStart() - jwtConfig.expirationNode.getStartLinePos() + 1,
@@ -613,7 +613,7 @@ class S042SymbolBasedAnalyzer {
           violations.push({
             ruleId: this.ruleId,
             ruleName: this.ruleName,
-            severity: 'high',
+            severity: 'error',
             message: `Sensitive action '${funcName}' does not appear to require re-authentication.`,
             line: startLine,
             column: func.getStart() - func.getStartLinePos() + 1,
@@ -657,7 +657,7 @@ class S042SymbolBasedAnalyzer {
             violations.push({
               ruleId: this.ruleId,
               ruleName: this.ruleName,
-              severity: 'medium',
+              severity: 'warning',
               message: `Remember Me feature implemented without apparent re-authentication requirements.`,
               line: startLine,
               column: node.getStart() - node.getStartLinePos() + 1,
@@ -687,7 +687,7 @@ class S042SymbolBasedAnalyzer {
       violations.push({
         ruleId: this.ruleId,
         ruleName: this.ruleName,
-        severity: 'medium',
+        severity: 'warning',
         message: `Session management detected but no idle timeout implementation found.`,
         line: sessionConfigLocation.line,
         column: sessionConfigLocation.column,

package/rules/security/S043_password_changes_invalidate_all_sessions/typescript/symbol-based-analyzer.js

@@ -523,7 +523,7 @@ class S043SymbolBasedAnalyzer {
     violations.push({
       ruleId: this.ruleId,
       ruleName: this.ruleName,
-      severity: 'medium',
+      severity: 'warning',
       message: `Password change function "${functionName}" must invalidate all active sessions`,
       line: startLine,
       column: column,

package/rules/security/S046_jwt_algorithm_allowlist/dart/analyzer.js

@@ -27,7 +27,7 @@ class DartS046Analyzer {
     return {
       checkJwtVerify: true,
       checkAlgorithmList: true,
-      severity: 'critical'
+      severity: 'error'
     };
   }
 

package/rules/security/S047_oauth_pkce_protection/dart/analyzer.js

@@ -27,7 +27,7 @@ class DartS047Analyzer {
     return {
       checkPkce: true,
       checkStateParameter: true,
-      severity: 'high'
+      severity: 'error'
     };
   }
 

package/rules/security/S050_reference_tokens_entropy/dart/analyzer.js

@@ -28,7 +28,7 @@ class DartS050Analyzer {
       checkCsprng: true,
       checkMathRandom: true,
       minEntropyBits: 128,
-      severity: 'high'
+      severity: 'error'
     };
   }
 

package/rules/security/S053_generic_error_messages/dart/analyzer.js

@@ -28,7 +28,7 @@ class DartS053Analyzer {
       checkStackTraceExposure: true,
       checkSqlExposure: true,
       checkPathExposure: true,
-      severity: 'medium'
+      severity: 'warning'
     };
   }
 

package/rules/security/S055_content_type_validation/typescript/symbol-based-analyzer.js

@@ -389,7 +389,7 @@ class S055SymbolBasedAnalyzer {
       violations.push({
         ruleId: this.ruleId,
         ruleName: this.ruleName,
-        severity: 'medium',
+        severity: 'warning',
         message: `REST endpoint '${name}' does not validate Content-Type header. Add validation for 'application/json' or other expected types.`,
         line: startLine,
         column: node.getStart() - node.getStartLinePos() + 1,

package/rules/security/S059_disable_debug_mode/dart/analyzer.js

@@ -28,7 +28,7 @@ class DartS059Analyzer {
       checkDebugPrint: true,
       checkKDebugMode: true,
       checkAssertStatements: true,
-      severity: 'high'
+      severity: 'error'
     };
   }
 

package/rules/security/S060_password_minimum_length/dart/analyzer.js

@@ -28,7 +28,7 @@ class DartS060Analyzer {
       minLength: 8,
       recommendedLength: 15,
       maxLength: 128,
-      severity: 'medium'
+      severity: 'warning'
     };
   }
 

package/rules/utils/severity-constants.js

@@ -5,7 +5,6 @@
 
 const SEVERITY = {
   OFF: 'off',
-  INFO: 'info', 
   WARNING: 'warning',
   ERROR: 'error'
 };