@sun-asterisk/sunlint 1.3.46 → 1.3.47

package/core/adapters/sunlint-rule-adapter.js

@@ -203,6 +203,22 @@ class SunlintRuleAdapter {
     return Array.from(this.rulesCache.keys());
   }
 
+  /**
+   * Get rules registry for severity resolution
+   * Returns object with rules property compatible with ConfigValidator
+   */
+  getRulesRegistry() {
+    if (this.registryCache) {
+      return { rules: this.registryCache };
+    }
+    // Convert cache map to registry format
+    const rules = {};
+    this.rulesCache.forEach((rule, ruleId) => {
+      rules[ruleId] = rule;
+    });
+    return { rules };
+  }
+
   /**
    * Validate rule ID
    */

package/core/rule-selection-service.js

@@ -10,11 +10,13 @@ const fs = require('fs');
 const path = require('path');
 const RuleMappingService = require('./rule-mapping-service');
 const SunlintRuleAdapter = require('./adapters/sunlint-rule-adapter');
+const ConfigValidator = require('./config-validator');
 
 class RuleSelectionService {
   constructor() {
     this.ruleAdapter = SunlintRuleAdapter.getInstance();
     this.ruleMappingService = new RuleMappingService();
+    this.configValidator = new ConfigValidator();
     this.initialized = false;
     // Path works both in dev (from pages/) and npm package (from config/)
     this.releasedRulesPath = path.join(__dirname, '../config/released-rules.json');
@@ -209,14 +211,33 @@ class RuleSelectionService {
       selectedRules = selectedRules.filter(ruleId => !disabledRules.has(ruleId));
     }
 
-    // Convert to rule objects
+    // Get rules registry for severity resolution
+    const rulesRegistry = this.ruleAdapter.getRulesRegistry();
+
+    // Convert to rule objects with proper severity from config
     return selectedRules.map(ruleId => {
       const adapterRule = this.ruleAdapter.getRuleById(ruleId);
+      
+      // Resolve severity from config (config.rules > config.categories > rule default)
+      const effectiveConfig = this.configValidator.getEffectiveRuleConfiguration(
+        ruleId,
+        config,
+        rulesRegistry
+      );
+      
+      // Map config values to severity (error/warn)
+      let severity = 'warning';
+      if (effectiveConfig === 'error' || effectiveConfig === 2) {
+        severity = 'error';
+      } else if (effectiveConfig === 'warn' || effectiveConfig === 'warning' || effectiveConfig === 1) {
+        severity = 'warning';
+      }
+      
       return {
+        ...(adapterRule || {}),
         id: ruleId,
         name: this.getRuleName(ruleId),
-        severity: 'warning',
-        ...(adapterRule || {})
+        severity // Must come AFTER spread to override adapter's severity
       };
     }).filter(rule => rule.id);
   }

package/engines/heuristic-engine.js

@@ -1002,7 +1002,12 @@ class HeuristicEngine extends AnalysisEngineInterface {
               fileResult = { file: filePath, violations: [] };
               results.results.push(fileResult);
             }
-            fileResult.violations.push(...violations);
+            // Apply rule severity to each violation (from config)
+            const violationsWithSeverity = violations.map(v => ({
+              ...v,
+              severity: rule.severity || v.severity || 'warning'
+            }));
+            fileResult.violations.push(...violationsWithSeverity);
           }
         }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.46",
+  "version": "1.3.47",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {
@@ -64,7 +64,7 @@
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^5.2.0",
     "espree": "^10.3.0",
-    "glob": "^11.0.3",
+    "glob": "^10.5.0",
     "minimatch": "^10.0.3",
     "node-fetch": "^3.3.2",
     "table": "^6.8.2",

package/skill-assets/sunlint-code-quality/rules/ruby/C006-verb-noun-functions.md

@@ -0,0 +1,63 @@
+---
+title: Function Names Verb-Noun
+impact: LOW
+impactDescription: makes code self-documenting
+tags: naming, functions, readability, conventions, quality
+---
+
+## Function Names Verb-Noun
+
+Methods in Ruby should describe actions clearly. Action verbs make the purpose manifest.
+
+**Incorrect (vague names):**
+
+```ruby
+def user           # Noun only
+end
+
+def user_data       # Noun only
+end
+
+def do_something    # Vague
+end
+
+def handle_stuff    # Vague
+end
+```
+
+**Correct (action verbs):**
+
+```ruby
+def fetch_user
+end
+
+def create_user_account
+end
+
+def validate_email_format?
+end
+
+def calculate_total_price
+end
+
+def send_confirmation_email
+end
+
+def convert_currency_to_usd
+end
+```
+
+**Verb categories:**
+
+| Category | Verbs |
+|----------|-------|
+| Retrieval | `get`, `fetch`, `find`, `load`, `query` |
+| Creation | `create`, `build`, `make`, `generate` |
+| Modification | `set`, `update`, `modify`, `change` |
+| Deletion | `delete`, `remove`, `destroy`, `clear` |
+| Validation | `validate`, `verify`, `check`, `ensure` |
+| Computation | `calculate`, `compute`, `parse`, `format` |
+| Boolean | `is`, `has`, `can`, `should`, `will` |
+
+**Tools:** PR review, RuboCop
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C013-no-dead-code.md

@@ -0,0 +1,48 @@
+---
+title: Do Not Use Dead Code
+impact: LOW
+impactDescription: reduces codebase noise and maintenance effort
+tags: dead-code, cleanup, maintenance, quality
+---
+
+## Do Not Use Dead Code
+
+Dead code confuses readers and clutters the codebase. Git history preserves deleted code, so there is no need to keep it in the active source files.
+
+**Incorrect (keeping dead code):**
+
+```ruby
+def process_order(order)
+  # Old implementation - keeping for reference
+  # total = order.items.inject(0) do |sum, item|
+  #   sum + item.price * item.quantity
+  # end
+  
+  total = calculate_total(order)
+  total
+end
+
+# Unused function - someone might need it later
+def legacy_calculation
+end
+```
+
+**Correct (clean code):**
+
+```ruby
+def process_order(order)
+  calculate_total(order)
+end
+
+# Delete unused methods - git history preserves them
+# Delete commented code - git history preserves it
+```
+
+**Types of dead code:**
+- Commented-out code
+- Unused methods/classes
+- Unreachable code
+- Unused variables
+
+**Tools:** RuboCop, debride
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C014-dependency-injection.md

@@ -0,0 +1,42 @@
+---
+title: Use Dependency Injection
+impact: MEDIUM
+impactDescription: enables testable business logic and decupling
+tags: dependency-injection, decoupling, testability, quality
+---
+
+## Use Dependency Injection
+
+Hardcoding dependencies inside classes makes them difficult to test and tightly coupled. Pass dependencies through the constructor (`initialize`).
+
+**Incorrect (tightly coupled):**
+
+```ruby
+class OrderService
+  def process(order)
+    # Hardcoded dependency
+    mailer = UserMailer.new
+    mailer.send_confirmation(order.user)
+  end
+end
+```
+
+**Correct (dependency injection):**
+
+```ruby
+class OrderService
+  def initialize(mailer = UserMailer.new)
+    @mailer = mailer
+  end
+
+  def process(order)
+    @mailer.send_confirmation(order.user)
+  end
+end
+
+# In tests:
+# service = OrderService.new(MockMailer.new)
+```
+
+**Tools:** PR review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C017-no-constructor-logic.md

@@ -0,0 +1,42 @@
+---
+title: No Complex Logic in Constructor
+impact: LOW
+impactDescription: makes objects easy to instantiate and test
+tags: constructor, initialization, testability, quality
+---
+
+## No Complex Logic in Constructor
+
+The `initialize` method should only set up initial state. Avoid performing computations, database queries, or network calls during object construction.
+
+**Incorrect (complex initialize):**
+
+```ruby
+class UserProfile
+  def initialize(user_id)
+    @user = User.find(user_id) # DB query in constructor
+    @stats = RemoteApiService.fetch_stats(user_id) # Network call
+  end
+end
+```
+
+**Correct (simple initialize):**
+
+```ruby
+class UserProfile
+  def initialize(user, stats)
+    @user = user
+    @stats = stats
+  end
+
+  # Use a factory method or dependency injection
+  def self.build(user_id)
+    user = User.find(user_id)
+    stats = RemoteApiService.fetch_stats(user_id)
+    new(user, stats)
+  end
+end
+```
+
+**Tools:** PR review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C018-generic-errors.md

@@ -0,0 +1,41 @@
+---
+title: Catch Specific Exceptions
+impact: HIGH
+impactDescription: prevents hiding critical system errors and unexpected behavior
+tags: error-handling, maintenance, safety, quality
+---
+
+## Catch Specific Exceptions
+
+Avoid catching the generic `Exception` or `StandardError` classes without a good reason. This can hide bugs and system-level issues like `NoMemoryError` or `SignalException`.
+
+**Incorrect (generic rescue):**
+
+```ruby
+begin
+  do_something
+rescue => e # Rescues StandardError
+  log_error(e)
+end
+
+begin
+  do_something
+rescue Exception => e # Even worse, rescues everything
+  log_error(e)
+end
+```
+
+**Correct (specific rescue):**
+
+```ruby
+begin
+  do_something
+rescue ActiveRecord::RecordNotFound => e
+  handle_missing_record(e)
+rescue JSON::ParserError => e
+  handle_invalid_json(e)
+end
+```
+
+**Tools:** RuboCop (`Style/RescueStandardError`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C019-error-log-level.md

@@ -0,0 +1,41 @@
+---
+title: Use Appropriate Log Levels
+impact: MEDIUM
+impactDescription: facilitates effective monitoring and troubleshooting
+tags: logging, observability, monitoring, quality
+---
+
+## Use Appropriate Log Levels
+
+Use the correct log level (`debug`, `info`, `warn`, `error`, `fatal`) to distinguish between operational noise and critical issues.
+
+**Incorrect (misused levels):**
+
+```ruby
+begin
+  process_data
+rescue => e
+  Rails.logger.info "Error happened: #{e.message}" # Error logged as Info
+end
+
+Rails.logger.error "Variable x is #{x}" # Debugging info logged as Error
+```
+
+**Correct (appropriate levels):**
+
+```ruby
+Rails.logger.debug "Processing payload: #{payload}"
+
+begin
+  process_data
+rescue => e
+  Rails.logger.error "Data processing failed: #{e.message}"
+end
+
+if retry_count > 0
+  Rails.logger.warn "Retry attempt #{retry_count} for user #{user_id}"
+end
+```
+
+**Tools:** Manual Review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C020-no-unused-imports.md

@@ -0,0 +1,36 @@
+---
+title: No Unused Requires
+impact: LOW
+impactDescription: reduces startup time and avoids unnecessary dependencies
+tags: cleanup, maintenance, quality
+---
+
+## No Unused Requires
+
+Avoid requiring libraries or files that are not used in the current file. This clutters the code and may slightly impact load times.
+
+**Incorrect (unused requires):**
+
+```ruby
+require 'json'      # Not used
+require 'net/http'  # Not used
+
+class MyService
+  def call
+    puts "Hello"
+  end
+end
+```
+
+**Correct (clean requires):**
+
+```ruby
+class MyService
+  def call
+    puts "Hello"
+  end
+end
+```
+
+**Tools:** RuboCop
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C022-no-unused-variables.md

@@ -0,0 +1,31 @@
+---
+title: No Unused Variables
+impact: LOW
+impactDescription: reduces confusion and identifies potential logic errors
+tags: cleanup, quality, maintenance
+---
+
+## No Unused Variables
+
+Variables that are declared but never used often indicate a typo or a forgotten piece of logic.
+
+**Incorrect (unused variables):**
+
+```ruby
+def calculate(a, b)
+  result = a + b
+  temp_data = fetch_additional_info # Fetched but never used
+  result
+end
+```
+
+**Correct (clean variables):**
+
+```ruby
+def calculate(a, b)
+  a + b
+end
+```
+
+**Tools:** RuboCop (`Lint/UselessAssignment`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C023-no-duplicate-names.md

@@ -0,0 +1,39 @@
+---
+title: Avoid Duplicate Naming
+impact: LOW
+impactDescription: prevents confusion and shadowing
+tags: naming, quality, maintenance
+---
+
+## Avoid Duplicate Naming
+
+Avoid using the same name for local variables, method arguments, and instance variables if it causes confusion or shadowing.
+
+**Incorrect (shadowing/ambiguity):**
+
+```ruby
+class Processor
+  attr_reader :data
+
+  def process(data) # Argument shadows attribute
+    data = data.clean # Shadowing
+    @data = data
+  end
+end
+```
+
+**Correct (distinct names):**
+
+```ruby
+class Processor
+  attr_reader :data
+
+  def process(raw_data)
+    cleaned_data = raw_data.clean
+    @data = cleaned_data
+  end
+end
+```
+
+**Tools:** RuboCop (`Lint/ShadowingOuterLocalVariable`)
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C024-centralize-constants.md

@@ -0,0 +1,35 @@
+---
+title: Centralize Constants
+impact: MEDIUM
+impactDescription: improves maintainability and avoids magic numbers
+tags: constants, maintainability, quality
+---
+
+## Centralize Constants
+
+Avoid hardcoding magic strings and numbers throughout your logic. Define them as constants at the top of the class or in a specific module.
+
+**Incorrect (magic values):**
+
+```ruby
+class User < ApplicationRecord
+  def premium?
+    self.score > 1000 # What is 1000?
+  end
+end
+```
+
+**Correct (constants):**
+
+```ruby
+class User < ApplicationRecord
+  PREMIUM_THRESHOLD = 1000
+
+  def premium?
+    score > PREMIUM_THRESHOLD
+  end
+end
+```
+
+**Tools:** RuboCop
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C029-catch-log-root-cause.md

@@ -0,0 +1,34 @@
+---
+title: Catch and Log Root Cause
+impact: MEDIUM
+impactDescription: facilitates faster debugging and resolution
+tags: error-handling, maintenance, quality
+---
+
+## Catch and Log Root Cause
+
+When catching an error, ensure you log the original error message and backtrace to facilitate debugging.
+
+**Incorrect (losing context):**
+
+```ruby
+begin
+  process_data
+rescue => e
+  Rails.logger.error "Something went wrong" # No root cause logged
+end
+```
+
+**Correct (logging root cause):**
+
+```ruby
+begin
+  process_data
+rescue => e
+  Rails.logger.error "Data processing failed: #{e.message}"
+  Rails.logger.error e.backtrace.join("\n") # Log backtrace for context
+end
+```
+
+**Tools:** Manual Review, Sentry/Honeybadger
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C030-custom-error-classes.md

@@ -0,0 +1,32 @@
+---
+title: Use Custom Error Classes
+impact: LOW
+impactDescription: allows specific rescue blocks and better error hierarchy
+tags: error-handling, architecture, quality
+---
+
+## Use Custom Error Classes
+
+Define specific error classes for your application domain rather than relying on generic ones.
+
+**Incorrect (generic errors):**
+
+```ruby
+def process(amount)
+  raise "Invalid amount" if amount <= 0 # Generic RuntimeError
+end
+```
+
+**Correct (custom errors):**
+
+```ruby
+class PaymentError < StandardError; end
+class InvalidAmountError < PaymentError; end
+
+def process(amount)
+  raise InvalidAmountError, "Amount must be positive" if amount <= 0
+end
+```
+
+**Tools:** PR review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C033-separate-data-access.md

@@ -0,0 +1,52 @@
+---
+title: Separate Processing and Data Access
+impact: HIGH
+impactDescription: enables testable business logic and better code organization
+tags: separation-of-concerns, repository, service, architecture, quality
+---
+
+## Separate Processing and Data Access
+
+Keep business logic separate from direct database access. Use Service Objects to handle logic and ActiveRecord models primarily for data access and persistence.
+
+**Incorrect (mixed concerns):**
+
+```ruby
+class OrderController < ApplicationController
+  def create
+    # Business logic in controller
+    if params[:amount] > 100
+      discount = params[:amount] * 0.1
+      total = params[:amount] - discount
+    end
+    Order.create(amount: total, user_id: current_user.id)
+  end
+end
+```
+
+**Correct (separated concerns):**
+
+```ruby
+# app/services/create_order_service.rb
+class CreateOrderService
+  def initialize(user, params)
+    @user = user
+    @params = params
+  end
+
+  def call
+    total = calculate_total(@params[:amount])
+    Order.create!(amount: total, user: @user)
+  end
+
+  private
+
+  def calculate_total(amount)
+    return amount if amount <= 100
+    amount * 0.9
+  end
+end
+```
+
+**Tools:** Manual Review
+---

package/skill-assets/sunlint-code-quality/rules/ruby/C035-error-context-logging.md

@@ -0,0 +1,34 @@
+---
+title: Include Context in Error Logging
+impact: MEDIUM
+impactDescription: provides necessary details for triaging issues
+tags: logging, error-handling, maintenance, quality
+---
+
+## Include Context in Error Logging
+
+When an error occurs, include relevant contextual data (IDs, parameters, state) in the log message.
+
+**Incorrect (missing context):**
+
+```ruby
+begin
+  update_profile(params)
+rescue => e
+  Rails.logger.error "Profile update failed: #{e.message}"
+end
+```
+
+**Correct (with context):**
+
+```ruby
+begin
+  update_profile(params)
+rescue => e
+  # Log which record failed and with what data
+  Rails.logger.error "Profile update failed for User ID: #{current_user.id}. Params: #{params.inspect}. Error: #{e.message}"
+end
+```
+
+**Tools:** Manual Review
+---