pumuki-ast-hooks 5.3.19 → 5.3.21

package/docs/RELEASE_NOTES.md

@@ -34,6 +34,41 @@ npm run install-hooks
 
 ---
 
+# Release Notes - v5.3.20
+
+**Release Date**: December 31, 2025  
+**Type**: Patch Release (compatible with 5.3.x)
+**Compatibility**: Fully backward compatible with 5.3.x
+
+---
+
+## 🎯 Overview
+- Removed runtime side-effects in the library: Express/CORS stripped from entry point; `dotenv.config()` removed from config.
+- Fixed syntax in `ast-backend.js` (test block) to ensure lint/parse correctness.
+- Published npm `pumuki-ast-hooks@5.3.20` (tag `latest`).
+
+---
+
+## 🐛 Bug Fixes
+
+### Fixed: Runtime side-effects
+- **Issue**: Library had runtime side-effects due to Express/CORS and `dotenv.config()`.
+- **Resolution**: Removed Express/CORS from entry point and `dotenv.config()` from config.
+- **Impact**: Library no longer has runtime side-effects.
+
+### Fixed: Syntax in `ast-backend.js`
+- **Issue**: Syntax error in `ast-backend.js` (test block) caused lint/parse issues.
+- **Resolution**: Fixed syntax in `ast-backend.js` (test block).
+- **Impact**: `ast-backend.js` now lint/parse correct.
+
+---
+
+## 📚 Documentation
+- CHANGELOG updated with 5.3.20.
+- Installation notes reviewed for safe npm consumption.
+
+---
+
 # Release Notes - v5.3.9
 
 **Release Date**: December 29, 2025  

package/docs/VIOLATIONS_RESOLUTION_PLAN.md

@@ -1,93 +1,97 @@
-# 🚀 Plan de Resolución de Violaciones - ast-intelligence-hooks
+# 🚀 Violations Resolution Plan - ast-intelligence-hooks
 
-## 🧭 Leyenda de Estado (viva)
-- ✅ **Hecho** (tarea completada exitosamente)
-- 🚧 **En construcción** (tarea en progreso)
-- ⏳ **Pendiente** (tarea aún no iniciada)
-- ❌ **Bloqueada** (tarea impedida por dependencias o problemas externos)
-- 🔄 **Revisión** (tarea completada pero pendiente de verificación o ajustes)
+## 🧭 Status Legend (living)
+- ✅ **Done** (task completed successfully)
+- 🚧 **In progress** (task currently being worked on)
+- ⏳ **Pending** (task not started yet)
+- ❌ **Blocked** (task blocked by dependencies or external issues)
+- 🔄 **Review** (completed but pending verification/adjustments)
 
 ---
 
-## 📊 Resumen Ejecutivo
-- **Estado actual:** ⚠️ Acción requerida (91 críticas, 0 altas, 30 medias, 14 bajas)  
-- **Branch:** `fix/audit-staged-severity-case-insensitive`  
-- **Fecha de inicio:** 30/12/2025 — **ETA general:** 15/01/2026  
-- **Objetivo:** Reducir a 0 las CRÍTICAS/HIGH y bajar el total < 20 antes de permitir commits sin bypass.  
-- **Riesgos:**  
-  1) Complejidad al refactorizar excepciones; 2) Dependencias entre módulos/config; 3) Tiempo limitado para instrumentación (Prometheus / audit logging).
+## 📊 Executive Summary
+- **Current status:** ⚠️ Action required (211 critical, 5 high, 122 medium, 185 low)  
+- **Branch:** `feature/add-prometheus-metrics`  
+- **Start date:** 2025-12-30 — **Overall ETA:** 2026-01-15  
+- **Goal:** Reduce CRITICAL/HIGH to 0 and bring total < 20 before allowing commits without bypass.  
+- **Risks:**  
+  1) Exception refactor complexity; 2) Cross-module/config dependencies; 3) Limited time for instrumentation (Prometheus / audit logging).
 
-**Referencias rápidas:**  
+**Quick references:**  
 - [Violations report](../.violations-by-priority.md)  
 - [AST summary JSON](../.audit-reports/latest_ast_summary.json)  
 - [Arquitectura](../ARCHITECTURE.md)  
 
 ---
 
-## 📅 Timeline Visual (fechas estimadas)
+## 📅 Visual Timeline (estimated dates)
 ```mermaid
 gantt
-    title Fases de Resolución de Violaciones
+    title Violations Resolution Phases
     dateFormat  YYYY-MM-DD
-    section Fase 1: CRÍTICAS
-    Excepciones personalizadas       :active,  crit1, 2025-12-30, 4d
-    Separación de entornos           :         crit2, after crit1, 3d
-    Auditoría de seguridad           :         crit3, after crit2, 3d
-    Métricas Prometheus              :         crit4, after crit3, 2d
-    Patrones de confiabilidad        :         crit5, after crit4, 2d
+    section Phase 1: BLOCKERS (CRITICAL + HIGH)
+    Resolve CRITICAL                 :active,  crit1, 2025-12-30, 1d
+    Resolve HIGH                     :         high1, after crit1, 2d
  
-    section Fase 2: HIGH + MEDIUM
-    Corrección HIGH                  :         high1, after crit5, 1d
-    Refactorización MEDIUM           :         med1, after high1, 5d
+    section Phase 2: MEDIUM
+    MEDIUM refactoring               :         med1, after high1, 7d
 
-    section Fase 3: LOW
-    Optimizaciones y documentación   :         low1, after med1, 5d
+    section Phase 3: LOW
+    Optimizations and documentation  :         low1, after med1, 5d
 ```
 
 ---
 
-## 🔴 Fase 1: Violaciones CRÍTICAS (91)
-| Estado | Violación | Cant. | Responsable | DOD (Definition of Done) | Doc |
-|--------|-----------|-------|-------------|--------------------------|-----|
-| 🚧 | backend.observability.missing_prometheus | 45 | BE | Añadir métricas Prometheus a todos los servicios críticos; endpoints /metrics funcionando | [Prometheus](../docs/metrics-monitoring.md) |
-| ⏳ | backend.config.missing_env_separation | 27 | BE | Config por entorno (dev/stg/prod), sin secretos hardcode | [Config entornos](../docs/env-configuration.md) |
-| ⏳ | backend.security.missing_audit_logging | 23 | BE | Audit trail en operaciones sensibles + logs estructurados | [Audit logging](../docs/security-auditing.md) |
-| ⏳ | backend.error.custom_exceptions | 16 | BE | CustomError base + reemplazo de `Error` genérico en BE; tests pasando | [Guía de excepciones](../docs/error-handling.md) |
-| ⏳ | backend.reliability.missing_bulkhead | 10 | BE | Limitadores/aislamiento en puntos críticos + pruebas de carga | [Reliability](../docs/reliability-patterns.md) |
-| ⏳ | backend.event.emitter | 4 | BE | try/catch en manejadores de eventos; manejo de errores robusto | [Eventos](../docs/event-handling.md) |
-| ⏳ | backend.observability.missing_alerting | 3 | SRE | Alertas en métricas críticas; umbrales definidos | [Alerting](../docs/alerting-system.md) |
-| ⏳ | backend.config.missing_validation | 1 | BE | Validación de configuración al inicio | [Config validation](../docs/config-validation.md) |
-| ⏳ | backend.config.missing_env_validation | 1 | BE | Validación de variables de entorno requeridas | [Env validation](../docs/env-validation.md) |
-| ⏳ | backend.database.raw_sql | 1 | BE | Uso de ORM en lugar de raw SQL | [Database](../docs/database-layer.md) |
+## 🔴 Phase 1: BLOCKER Violations (CRITICAL + HIGH)
+| Status | Severity | Count | Owner | DOD (Definition of Done) | Source |
+|--------|-----------|-------|-------------|--------------------------|--------|
+| ⏳ | CRITICAL | 211 | BE | Resolve CRITICAL violations in repository (0 CRITICAL to unblock) | `.audit_tmp/ast-summary.json` / `.violations-by-priority.md` |
+| ⏳ | HIGH | 5 | BE | Resolve HIGH violations in repository (0 HIGH to unblock) | `.audit_tmp/ast-summary.json` / `.violations-by-priority.md` |
 
 ---
 
-## 🟠 Fase 2: Violaciones HIGH + MEDIUM (30)
-| Estado | Violación | Cant. | Responsable | DOD | Doc |
+## 🟠 Phase 2: MEDIUM Violations (122)
+| Status | Violation | Count | Owner | DOD | Doc |
 |--------|-----------|-------|-------------|-----|-----|
-| ✅ | HIGH | 0 | BE | No aplica (repo JS puro sin TS); se documenta enfoque de seguridad de tipos | [Type safety](../docs/type-safety.md) |
-| ⏳ | MEDIUM | 30 | BE | Resolver violaciones de complejidad media restantes | [Medium violations](../docs/medium-violations.md) |
+| ⏳ | MEDIUM | 122 | BE | Resolve remaining medium-complexity violations | [Medium violations](../docs/medium-violations.md) |
 
 ---
 
-## 🔵 Fase 3: Violaciones LOW (14)
-| Estado | Violación | Cant. | Responsable | DOD | Doc |
+## 🔵 Phase 3: LOW Violations (185)
+| Status | Violation | Count | Owner | DOD | Doc |
 |--------|-----------|-------|-------------|-----|-----|
-| ⏳ | LOW | 14 | BE/FE | Resolver violaciones de baja prioridad restantes | [Low violations](../docs/low-violations.md) |
+| ⏳ | LOW | 185 | BE/FE | Resolve remaining low-priority violations | [Low violations](../docs/low-violations.md) |
 
 ---
 
-## 📈 Métricas de Progreso
-| Fase | Total | Completado | % |
-|------|-------|------------|---|
-| CRÍTICAS | 91 | 0 | 0% |
-| HIGH + MEDIUM | 30 | 0 | 0% |
-| LOW | 14 | 0 | 0% |
-| **TOTAL** | **135** | **0** | **0%** |
+## 🎯 Top violations (by volume / impact) — to prioritize within MEDIUM/LOW
+| Priority | Violation | Count | Notes |
+|----------|-----------|-------|------|
+| P1 | backend.error.custom_exceptions | 105 | Typically MEDIUM: refactor to CustomError + replace generic `Error` in backend |
+| P1 | backend.config.missing_env_separation | 81 | Typically MEDIUM: environment-specific config separation |
+| P1 | backend.security.missing_audit_logging | 69 | Typically MEDIUM: audit trail for sensitive operations |
+| P2 | backend.metrics.missing_prometheus | 42 | MEDIUM/LOW depending on rule: service instrumentation |
+| P2 | backend.reliability.missing_bulkhead | 41 | MEDIUM/LOW: bulkheads/timeouts in critical paths |
+| P2 | backend.testing.mocks | 40 | MEDIUM: improve testing strategy |
+| P2 | backend.observability.missing_prometheus | 30 | LOW: observability and dashboards |
+| P3 | backend.event.handler | 26 | LOW: try/catch and resilience |
+| P3 | backend.auth.missing_cors | 17 | LOW: CORS/headers |
+| P3 | backend.event.emitter | 14 | LOW: safe event emitters |
 
-**Riesgos actualizados:**  
-1) Implementación de Prometheus podría requerir cambios de infra; 2) Revisión de seguridad depende de disponibilidad de equipo; 3) Refactorizaciones pueden impactar tiempos.
+---
 
-**Comentarios/Notas colaborativas:**  
-- Añade comentarios bajo cada tabla al cerrar tareas (usa la leyenda para actualizar estados).  
-- Progreso en métricas Prometheus: añadidas a 27 servicios, pero 45 violaciones restantes indican necesidad de más instrumentación.  
+## 📈 Progress Metrics
+| Phase | Total | Completed | % |
+|------|-------|------------|---|
+| BLOCKERS (CRITICAL + HIGH) | 216 | 0 | 0% |
+| MEDIUM | 122 | 0 | 0% |
+| LOW | 185 | 0 | 0% |
+| **TOTAL** | **523** | **0** | **0%** |
+
+**Updated risks:**  
+1) Prometheus implementation may require infra changes; 2) Security review depends on team availability; 3) Refactors may impact timelines.
+
+**Collaborative notes:**  
+- Add notes under each table when closing tasks (use the legend to update status).  
+- Progress on Prometheus metrics: automatic sweep applied over `scripts/hooks-system/application/services/**`; the audit still reports 42 (`backend.metrics.missing_prometheus`) and 30 (`backend.observability.missing_prometheus`) pending.  
+- Last scan (31/12/2025 10:39): 451 files, 523 total violations (211 critical, 5 high, 122 medium, 185 low).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki-ast-hooks",
-  "version": "5.3.19",
+  "version": "5.3.21",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {
@@ -20,7 +20,7 @@
     "hook-plan-review": "./bin/plan-review.js"
   },
   "scripts": {
-    "install-hooks": "npx ast-install",
+    "install-hooks": "node bin/install.js",
     "check-version": "node bin/check-version.js",
     "audit": "node bin/ast",
     "ast": "node bin/ast",
@@ -86,10 +86,16 @@
     "ts-morph": "^21.0.0"
   },
   "devDependencies": {
+    "@babel/generator": "^7.28.5",
+    "@babel/parser": "^7.28.5",
+    "@babel/traverse": "^7.28.5",
     "@pumuki/ast-intelligence-hooks": "file:pumuki-ast-intelligence-hooks-5.3.1.tgz",
     "@types/node": "^20.10.0",
     "eslint": "^9.12.0",
     "jest": "^30.2.0",
+    "jscodeshift": "^17.3.0",
+    "pumuki-ast-hooks": "^5.3.19",
+    "recast": "^0.23.11",
     "typescript": "^5.3.0"
   },
   "files": [
@@ -116,4 +122,4 @@
     "./skills": "./skills/skill-rules.json",
     "./hooks": "./hooks/index.js"
   }
-}
+}

package/scripts/hooks-system/.AI_TOKEN_STATUS.txt

@@ -12,5 +12,5 @@ Source: file
 
 ℹ️  Data is stale. Ensure guards are running and refreshing token usage.
 
-Last updated: 2025-12-30T08:58:22.226Z
+Last updated: 2026-01-02T08:34:46.296Z
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━