@sun-asterisk/sunlint 1.3.45 → 1.3.47

package/core/adapters/sunlint-rule-adapter.js

@@ -203,6 +203,22 @@ class SunlintRuleAdapter {
     return Array.from(this.rulesCache.keys());
   }
 
+  /**
+   * Get rules registry for severity resolution
+   * Returns object with rules property compatible with ConfigValidator
+   */
+  getRulesRegistry() {
+    if (this.registryCache) {
+      return { rules: this.registryCache };
+    }
+    // Convert cache map to registry format
+    const rules = {};
+    this.rulesCache.forEach((rule, ruleId) => {
+      rules[ruleId] = rule;
+    });
+    return { rules };
+  }
+
   /**
    * Validate rule ID
    */

package/core/cli-action-handler.js

@@ -406,6 +406,7 @@ class CliActionHandler {
    */
   getPresetName() {
     if (this.options.all) return 'all preset';
+    if (this.options.specific) return 'language-specific preset';
     if (this.options.quality) return 'quality preset';
     if (this.options.security) return 'security preset';
     if (this.options.category) return `${this.options.category} preset`;
@@ -525,6 +526,7 @@ class CliActionHandler {
     return this.options.architecture &&
       !this.options.impact &&
       !this.options.all &&
+      !this.options.specific &&
       !this.options.rule &&
       !this.options.rules &&
       !this.options.quality &&
@@ -540,6 +542,7 @@ class CliActionHandler {
     return this.options.impact &&
       !this.options.architecture &&
       !this.options.all &&
+      !this.options.specific &&
       !this.options.rule &&
       !this.options.rules &&
       !this.options.quality &&

package/core/cli-program.js

@@ -22,6 +22,7 @@ function createCliProgram() {
     .option('--rules <rules>', 'Run multiple rules (comma-separated)')
     .option('-a, --all', 'Run all available rules')
     .option('-c, --category <category>', 'Run rules by category (quality, security, logging, naming)')
+    .option('-s, --specific', 'Run language-specific rules (requires --languages)')
     .option('--quality', 'Run all code quality rules')
     .option('--security', 'Run all secure coding rules');
 
@@ -108,6 +109,12 @@ Examples:
   sunlint --quality --input=src                # Quality rules only
   sunlint --security --input=src               # Security rules only
 
+Language-Specific:
+  sunlint --specific --languages=dart --input=lib           # Dart rules only
+  sunlint --specific --languages=kotlin --input=app/src     # Kotlin rules only
+  sunlint --specific --languages=dart,kotlin --input=.      # Dart + Kotlin rules
+  sunlint --all --languages=dart --input=lib                # All rules + Dart rules
+
 Git Integration:
   sunlint --all --changed-files --input=.      # Changed files only
   sunlint --all --staged-files --input=.       # Staged files only

package/core/rule-selection-service.js

@@ -10,11 +10,13 @@ const fs = require('fs');
 const path = require('path');
 const RuleMappingService = require('./rule-mapping-service');
 const SunlintRuleAdapter = require('./adapters/sunlint-rule-adapter');
+const ConfigValidator = require('./config-validator');
 
 class RuleSelectionService {
   constructor() {
     this.ruleAdapter = SunlintRuleAdapter.getInstance();
     this.ruleMappingService = new RuleMappingService();
+    this.configValidator = new ConfigValidator();
     this.initialized = false;
     // Path works both in dev (from pages/) and npm package (from config/)
     this.releasedRulesPath = path.join(__dirname, '../config/released-rules.json');
@@ -60,6 +62,48 @@ class RuleSelectionService {
     }
   }
 
+  /**
+   * Collect language-specific rules from ALL versions of released-rules.json
+   * Searches across all versions because the latest version may have empty categories
+   * @param {string[]} languages - Array of language names (e.g., ['dart', 'kotlin'])
+   * @returns {string[]} Array of rule IDs matching the specified languages
+   */
+  collectLanguageSpecificRules(languages) {
+    const { getLanguageFromRuleId } = require('./constants/rules');
+
+    try {
+      if (!fs.existsSync(this.releasedRulesPath)) {
+        return [];
+      }
+
+      const data = JSON.parse(fs.readFileSync(this.releasedRulesPath, 'utf8'));
+      const versions = data.versions || [];
+
+      if (versions.length === 0) {
+        return [];
+      }
+
+      const targetLanguages = new Set(languages.map(l => l.toLowerCase()));
+      const matchingRuleIds = new Set();
+
+      for (const versionEntry of versions) {
+        const rulesByCategory = versionEntry.rulesByCategory || {};
+        for (const categoryRules of Object.values(rulesByCategory)) {
+          for (const ruleId of categoryRules) {
+            const ruleLanguage = getLanguageFromRuleId(ruleId);
+            if (ruleLanguage && targetLanguages.has(ruleLanguage)) {
+              matchingRuleIds.add(ruleId);
+            }
+          }
+        }
+      }
+
+      return Array.from(matchingRuleIds);
+    } catch (error) {
+      return [];
+    }
+  }
+
   async selectRules(config, options) {
     // Ensure adapter is initialized
     await this.initialize();
@@ -75,6 +119,22 @@ class RuleSelectionService {
       selectedRules = [options.rule];
     } else if (options.rules) {
       selectedRules = options.rules.split(',').map(r => r.trim());
+    } else if (options.specific) {
+      // --specific requires --languages to determine which language rules to load
+      if (!options.languages) {
+        throw new Error(
+          chalk.red('--specific requires --languages to be specified\n') +
+          chalk.gray('Example: sunlint --specific --languages=dart --input=lib')
+        );
+      }
+      const targetLanguages = options.languages.split(',').map(l => l.trim());
+      selectedRules = this.collectLanguageSpecificRules(targetLanguages);
+
+      if (selectedRules.length === 0) {
+        console.warn(
+          chalk.yellow(`\u26A0\uFE0F  No language-specific rules found for: ${targetLanguages.join(', ')}`)
+        );
+      }
     } else if (options.all) {
       // Load all rules from released-rules.json
       if (releasedRules) {
@@ -89,6 +149,20 @@ class RuleSelectionService {
         // Fallback to preset file
         selectedRules = this.loadPresetRules('all');
       }
+
+      // Augment with language-specific rules when --languages is specified
+      // This handles the case where the latest version has empty categories
+      if (options.languages) {
+        const targetLanguages = options.languages.split(',').map(l => l.trim());
+        const languageRules = this.collectLanguageSpecificRules(targetLanguages);
+        const existingRuleSet = new Set(selectedRules);
+
+        for (const ruleId of languageRules) {
+          if (!existingRuleSet.has(ruleId)) {
+            selectedRules.push(ruleId);
+          }
+        }
+      }
     } else if (options.quality) {
       // Load Common rules from released-rules.json
       if (releasedRules && releasedRules.Common) {
@@ -137,14 +211,33 @@ class RuleSelectionService {
       selectedRules = selectedRules.filter(ruleId => !disabledRules.has(ruleId));
     }
 
-    // Convert to rule objects
+    // Get rules registry for severity resolution
+    const rulesRegistry = this.ruleAdapter.getRulesRegistry();
+
+    // Convert to rule objects with proper severity from config
     return selectedRules.map(ruleId => {
       const adapterRule = this.ruleAdapter.getRuleById(ruleId);
+      
+      // Resolve severity from config (config.rules > config.categories > rule default)
+      const effectiveConfig = this.configValidator.getEffectiveRuleConfiguration(
+        ruleId,
+        config,
+        rulesRegistry
+      );
+      
+      // Map config values to severity (error/warn)
+      let severity = 'warning';
+      if (effectiveConfig === 'error' || effectiveConfig === 2) {
+        severity = 'error';
+      } else if (effectiveConfig === 'warn' || effectiveConfig === 'warning' || effectiveConfig === 1) {
+        severity = 'warning';
+      }
+      
       return {
+        ...(adapterRule || {}),
         id: ruleId,
         name: this.getRuleName(ruleId),
-        severity: 'warning',
-        ...(adapterRule || {})
+        severity // Must come AFTER spread to override adapter's severity
       };
     }).filter(rule => rule.id);
   }

package/engines/heuristic-engine.js

@@ -1002,7 +1002,12 @@ class HeuristicEngine extends AnalysisEngineInterface {
               fileResult = { file: filePath, violations: [] };
               results.results.push(fileResult);
             }
-            fileResult.violations.push(...violations);
+            // Apply rule severity to each violation (from config)
+            const violationsWithSeverity = violations.map(v => ({
+              ...v,
+              severity: rule.severity || v.severity || 'warning'
+            }));
+            fileResult.violations.push(...violationsWithSeverity);
           }
         }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.45",
+  "version": "1.3.47",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {
@@ -64,7 +64,7 @@
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^5.2.0",
     "espree": "^10.3.0",
-    "glob": "^11.0.3",
+    "glob": "^10.5.0",
     "minimatch": "^10.0.3",
     "node-fetch": "^3.3.2",
     "table": "^6.8.2",

package/skill-assets/sunlint-code-quality/rules/ruby/C006-verb-noun-functions.md

@@ -0,0 +1,63 @@
+---
+title: Function Names Verb-Noun
+impact: LOW
+impactDescription: makes code self-documenting
+tags: naming, functions, readability, conventions, quality
+---
+
+## Function Names Verb-Noun
+
+Methods in Ruby should describe actions clearly. Action verbs make the purpose manifest.
+
+**Incorrect (vague names):**
+
+```ruby
+def user           # Noun only
+end
+
+def user_data       # Noun only
+end
+
+def do_something    # Vague
+end
+
+def handle_stuff    # Vague
+end
+```
+
+**Correct (action verbs):**
+
+```ruby
+def fetch_user
+end
+
+def create_user_account
+end
+
+def validate_email_format?
+end
+
+def calculate_total_price
+end
+
+def send_confirmation_email
+end
+
+def convert_currency_to_usd
+end
+```
+
+**Verb categories:**
+
+| Category | Verbs |
+|----------|-------|
+| Retrieval | `get`, `fetch`, `find`, `load`, `query` |
+| Creation | `create`, `build`, `make`, `generate` |
+| Modification | `set`, `update`, `modify`, `change` |
+| Deletion | `delete`, `remove`, `destroy`, `clear` |
+| Validation | `validate`, `verify`, `check`, `ensure` |
+| Computation | `calculate`, `compute`, `parse`, `format` |
+| Boolean | `is`, `has`, `can`, `should`, `will` |
+
+**Tools:** PR review, RuboCop
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C013-no-dead-code.md

@@ -0,0 +1,48 @@
+---
+title: Do Not Use Dead Code
+impact: LOW
+impactDescription: reduces codebase noise and maintenance effort
+tags: dead-code, cleanup, maintenance, quality
+---
+
+## Do Not Use Dead Code
+
+Dead code confuses readers and clutters the codebase. Git history preserves deleted code, so there is no need to keep it in the active source files.
+
+**Incorrect (keeping dead code):**
+
+```ruby
+def process_order(order)
+  # Old implementation - keeping for reference
+  # total = order.items.inject(0) do |sum, item|
+  #   sum + item.price * item.quantity
+  # end
+  
+  total = calculate_total(order)
+  total
+end
+
+# Unused function - someone might need it later
+def legacy_calculation
+end
+```
+
+**Correct (clean code):**
+
+```ruby
+def process_order(order)
+  calculate_total(order)
+end
+
+# Delete unused methods - git history preserves them
+# Delete commented code - git history preserves it
+```
+
+**Types of dead code:**
+- Commented-out code
+- Unused methods/classes
+- Unreachable code
+- Unused variables
+
+**Tools:** RuboCop, debride
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C014-dependency-injection.md

@@ -0,0 +1,42 @@
+---
+title: Use Dependency Injection
+impact: MEDIUM
+impactDescription: enables testable business logic and decupling
+tags: dependency-injection, decoupling, testability, quality
+---
+
+## Use Dependency Injection
+
+Hardcoding dependencies inside classes makes them difficult to test and tightly coupled. Pass dependencies through the constructor (`initialize`).
+
+**Incorrect (tightly coupled):**
+
+```ruby
+class OrderService
+  def process(order)
+    # Hardcoded dependency
+    mailer = UserMailer.new
+    mailer.send_confirmation(order.user)
+  end
+end
+```
+
+**Correct (dependency injection):**
+
+```ruby
+class OrderService
+  def initialize(mailer = UserMailer.new)
+    @mailer = mailer
+  end
+
+  def process(order)
+    @mailer.send_confirmation(order.user)
+  end
+end
+
+# In tests:
+# service = OrderService.new(MockMailer.new)
+```
+
+**Tools:** PR review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C017-no-constructor-logic.md

@@ -0,0 +1,42 @@
+---
+title: No Complex Logic in Constructor
+impact: LOW
+impactDescription: makes objects easy to instantiate and test
+tags: constructor, initialization, testability, quality
+---
+
+## No Complex Logic in Constructor
+
+The `initialize` method should only set up initial state. Avoid performing computations, database queries, or network calls during object construction.
+
+**Incorrect (complex initialize):**
+
+```ruby
+class UserProfile
+  def initialize(user_id)
+    @user = User.find(user_id) # DB query in constructor
+    @stats = RemoteApiService.fetch_stats(user_id) # Network call
+  end
+end
+```
+
+**Correct (simple initialize):**
+
+```ruby
+class UserProfile
+  def initialize(user, stats)
+    @user = user
+    @stats = stats
+  end
+
+  # Use a factory method or dependency injection
+  def self.build(user_id)
+    user = User.find(user_id)
+    stats = RemoteApiService.fetch_stats(user_id)
+    new(user, stats)
+  end
+end
+```
+
+**Tools:** PR review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C018-generic-errors.md

@@ -0,0 +1,41 @@
+---
+title: Catch Specific Exceptions
+impact: HIGH
+impactDescription: prevents hiding critical system errors and unexpected behavior
+tags: error-handling, maintenance, safety, quality
+---
+
+## Catch Specific Exceptions
+
+Avoid catching the generic `Exception` or `StandardError` classes without a good reason. This can hide bugs and system-level issues like `NoMemoryError` or `SignalException`.
+
+**Incorrect (generic rescue):**
+
+```ruby
+begin
+  do_something
+rescue => e # Rescues StandardError
+  log_error(e)
+end
+
+begin
+  do_something
+rescue Exception => e # Even worse, rescues everything
+  log_error(e)
+end
+```
+
+**Correct (specific rescue):**
+
+```ruby
+begin
+  do_something
+rescue ActiveRecord::RecordNotFound => e
+  handle_missing_record(e)
+rescue JSON::ParserError => e
+  handle_invalid_json(e)
+end
+```
+
+**Tools:** RuboCop (`Style/RescueStandardError`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C019-error-log-level.md

@@ -0,0 +1,41 @@
+---
+title: Use Appropriate Log Levels
+impact: MEDIUM
+impactDescription: facilitates effective monitoring and troubleshooting
+tags: logging, observability, monitoring, quality
+---
+
+## Use Appropriate Log Levels
+
+Use the correct log level (`debug`, `info`, `warn`, `error`, `fatal`) to distinguish between operational noise and critical issues.
+
+**Incorrect (misused levels):**
+
+```ruby
+begin
+  process_data
+rescue => e
+  Rails.logger.info "Error happened: #{e.message}" # Error logged as Info
+end
+
+Rails.logger.error "Variable x is #{x}" # Debugging info logged as Error
+```
+
+**Correct (appropriate levels):**
+
+```ruby
+Rails.logger.debug "Processing payload: #{payload}"
+
+begin
+  process_data
+rescue => e
+  Rails.logger.error "Data processing failed: #{e.message}"
+end
+
+if retry_count > 0
+  Rails.logger.warn "Retry attempt #{retry_count} for user #{user_id}"
+end
+```
+
+**Tools:** Manual Review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C020-no-unused-imports.md

@@ -0,0 +1,36 @@
+---
+title: No Unused Requires
+impact: LOW
+impactDescription: reduces startup time and avoids unnecessary dependencies
+tags: cleanup, maintenance, quality
+---
+
+## No Unused Requires
+
+Avoid requiring libraries or files that are not used in the current file. This clutters the code and may slightly impact load times.
+
+**Incorrect (unused requires):**
+
+```ruby
+require 'json'      # Not used
+require 'net/http'  # Not used
+
+class MyService
+  def call
+    puts "Hello"
+  end
+end
+```
+
+**Correct (clean requires):**
+
+```ruby
+class MyService
+  def call
+    puts "Hello"
+  end
+end
+```
+
+**Tools:** RuboCop
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C022-no-unused-variables.md

@@ -0,0 +1,31 @@
+---
+title: No Unused Variables
+impact: LOW
+impactDescription: reduces confusion and identifies potential logic errors
+tags: cleanup, quality, maintenance
+---
+
+## No Unused Variables
+
+Variables that are declared but never used often indicate a typo or a forgotten piece of logic.
+
+**Incorrect (unused variables):**
+
+```ruby
+def calculate(a, b)
+  result = a + b
+  temp_data = fetch_additional_info # Fetched but never used
+  result
+end
+```
+
+**Correct (clean variables):**
+
+```ruby
+def calculate(a, b)
+  a + b
+end
+```
+
+**Tools:** RuboCop (`Lint/UselessAssignment`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C023-no-duplicate-names.md

@@ -0,0 +1,39 @@
+---
+title: Avoid Duplicate Naming
+impact: LOW
+impactDescription: prevents confusion and shadowing
+tags: naming, quality, maintenance
+---
+
+## Avoid Duplicate Naming
+
+Avoid using the same name for local variables, method arguments, and instance variables if it causes confusion or shadowing.
+
+**Incorrect (shadowing/ambiguity):**
+
+```ruby
+class Processor
+  attr_reader :data
+
+  def process(data) # Argument shadows attribute
+    data = data.clean # Shadowing
+    @data = data
+  end
+end
+```
+
+**Correct (distinct names):**
+
+```ruby
+class Processor
+  attr_reader :data
+
+  def process(raw_data)
+    cleaned_data = raw_data.clean
+    @data = cleaned_data
+  end
+end
+```
+
+**Tools:** RuboCop (`Lint/ShadowingOuterLocalVariable`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C024-centralize-constants.md

@@ -0,0 +1,35 @@
+---
+title: Centralize Constants
+impact: MEDIUM
+impactDescription: improves maintainability and avoids magic numbers
+tags: constants, maintainability, quality
+---
+
+## Centralize Constants
+
+Avoid hardcoding magic strings and numbers throughout your logic. Define them as constants at the top of the class or in a specific module.
+
+**Incorrect (magic values):**
+
+```ruby
+class User < ApplicationRecord
+  def premium?
+    self.score > 1000 # What is 1000?
+  end
+end
+```
+
+**Correct (constants):**
+
+```ruby
+class User < ApplicationRecord
+  PREMIUM_THRESHOLD = 1000
+
+  def premium?
+    score > PREMIUM_THRESHOLD
+  end
+end
+```
+
+**Tools:** RuboCop
+---