pumuki-ast-hooks 5.5.49 → 5.5.50

package/hooks/git-status-monitor.ts

@@ -42,6 +42,7 @@ function getGitStatus(projectDir: string): GitStatus | null {
             hasUncommittedChanges: lines.length > 0
         };
     } catch (err) {
+        console.error(`[git-status-monitor] Failed to read git status: ${(err as Error).message}`);
         return null;
     }
 }
@@ -79,6 +80,7 @@ function detectPlatformFromFiles(projectDir: string): string[] {
             }
         }
     } catch (err) {
+        console.error(`[git-status-monitor] Failed to detect platforms from files: ${(err as Error).message}`);
     }
 
     return platforms.length > 0 ? platforms : ['frontend', 'backend', 'ios', 'android'];
@@ -134,6 +136,7 @@ async function main() {
                     sound: 'Ping'
                 });
             } catch (err) {
+                console.error(`[git-status-monitor] Notification failed (staged): ${(err as Error).message}`);
             }
         } else if (totalChanges > 10) {
             try {
@@ -144,11 +147,13 @@ async function main() {
                     sound: 'Glass'
                 });
             } catch (err) {
+                console.error(`[git-status-monitor] Notification failed (unstaged): ${(err as Error).message}`);
             }
         }
 
         process.exit(0);
     } catch (err) {
+        console.error(`[git-status-monitor] Unexpected error: ${(err as Error).message}`);
         process.exit(0);
     }
 }

package/hooks/notify-macos.ts

@@ -24,6 +24,7 @@ export function sendMacOSNotification(options: NotificationOptions): void {
     try {
         execSync(`osascript -e '${script}'`, { stdio: 'ignore' });
     } catch (err) {
+        console.error(`[notify-macos] Failed to send notification: ${(err as Error).message}`);
     }
 }
 

package/hooks/pre-tool-use-evidence-validator.ts

@@ -235,6 +235,7 @@ async function main() {
                     sound: 'Basso'
                 });
             } catch (err) {
+                process.stderr.write(`Notification failed: ${err instanceof Error ? err.message : String(err)}\n`);
             }
             process.stderr.write(`${validation.error || ''}\n`);
             process.exit(2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki-ast-hooks",
-  "version": "5.5.49",
+  "version": "5.5.50",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/scripts/hooks-system/.audit_tmp/hook-metrics.jsonl

@@ -102,3 +102,11 @@
 {"timestamp":1767739777882,"hook":"audit_logger","operation":"ensure_dir","status":"started"}
 {"timestamp":1767739777882,"hook":"audit_logger","operation":"ensure_dir","status":"success"}
 {"timestamp":1767739777882,"hook":"audit_logger","operation":"constructor","status":"success","repoRoot":"/Users/juancarlosmerlosalbarracin/Developer/Projects/ast-intelligence-hooks/scripts/hooks-system"}
+{"timestamp":1767772854432,"hook":"audit_logger","operation":"constructor","status":"started","repoRoot":"/Users/juancarlosmerlosalbarracin/Developer/Projects/ast-intelligence-hooks/scripts/hooks-system"}
+{"timestamp":1767772854432,"hook":"audit_logger","operation":"ensure_dir","status":"started"}
+{"timestamp":1767772854432,"hook":"audit_logger","operation":"ensure_dir","status":"success"}
+{"timestamp":1767772854432,"hook":"audit_logger","operation":"constructor","status":"success","repoRoot":"/Users/juancarlosmerlosalbarracin/Developer/Projects/ast-intelligence-hooks/scripts/hooks-system"}
+{"timestamp":1767772971939,"hook":"audit_logger","operation":"constructor","status":"started","repoRoot":"/Users/juancarlosmerlosalbarracin/Developer/Projects/ast-intelligence-hooks/scripts/hooks-system"}
+{"timestamp":1767772971939,"hook":"audit_logger","operation":"ensure_dir","status":"started"}
+{"timestamp":1767772971939,"hook":"audit_logger","operation":"ensure_dir","status":"success"}
+{"timestamp":1767772971939,"hook":"audit_logger","operation":"constructor","status":"success","repoRoot":"/Users/juancarlosmerlosalbarracin/Developer/Projects/ast-intelligence-hooks/scripts/hooks-system"}

package/scripts/hooks-system/application/services/guard/GuardConfig.js

@@ -3,9 +3,11 @@ const AuditLogger = require('../logging/AuditLogger');
 
 class GuardConfig {
     constructor(env = envHelper) {
-        
-        this.auditLogger = new AuditLogger({ repoRoot: process.cwd() });const getNumber = (name, def) =>
+        this.auditLogger = new AuditLogger({ repoRoot: process.cwd() });
+
+        const getNumber = (name, def) =>
             typeof env.getNumber === 'function' ? env.getNumber(name, def) : Number(env[name] || def);
+
         const getBool = (name, def) =>
             typeof env.getBool === 'function' ? env.getBool(name, def) : (env[name] !== 'false');
 

package/scripts/hooks-system/application/services/installation/GitEnvironmentService.js

@@ -128,6 +128,20 @@ if [[ "$CURRENT_BRANCH" == "main" ]] || [[ "$CURRENT_BRANCH" == "master" ]] || [
   exit 1
 fi
 
+# Enforce Git Flow checks (strict) before allowing commit
+ENFORCER_SCRIPT="scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh"
+if [[ -f "$ENFORCER_SCRIPT" ]]; then
+  echo ""
+  echo "🔍 Running Git Flow checks (strict)..."
+  echo ""
+  if ! GITFLOW_STRICT_CHECK=true bash "$ENFORCER_SCRIPT" check; then
+    echo ""
+    echo "🚨 COMMIT BLOCKED: Git Flow checks failed"
+    echo ""
+    exit 1
+  fi
+fi
+
 # Check if there are staged files
 STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null | grep -E '\\.(ts|tsx|js|jsx|swift|kt)$' || true)
 if [ -z "$STAGED_FILES" ]; then
@@ -263,10 +277,14 @@ fi
 # Run gitflow-enforcer if available (optional validation)
 ENFORCER_SCRIPT="scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh"
 if [[ -f "$ENFORCER_SCRIPT" ]]; then
-  if ! bash "$ENFORCER_SCRIPT" check 2>/dev/null; then
+  echo ""
+  echo "🔍 Running Git Flow checks (strict)..."
+  echo ""
+  if ! GITFLOW_STRICT_CHECK=true bash "$ENFORCER_SCRIPT" check; then
     echo ""
-    echo "⚠️  Git Flow check completed with warnings (non-blocking)"
+    echo "🚨 PUSH BLOCKED: Git Flow checks failed"
     echo ""
+    exit 1
   fi
 fi
 

package/scripts/hooks-system/infrastructure/ast/ast-core.js

@@ -45,6 +45,18 @@ function getRepoRoot() {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
+  try {
+    const configPaths = loadExclusions()?.exclusions?.paths;
+    if (configPaths && typeof configPaths === 'object') {
+      for (const [key, enabled] of Object.entries(configPaths)) {
+        if (enabled && p.includes(key)) return true;
+      }
+    }
+  } catch (error) {
+    if (process.env.DEBUG) {
+      console.debug(`[ast-core] Failed to load exclusions for shouldIgnore: ${error.message || String(error)}`);
+    }
+  }
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.next/")) return true;
   if (p.includes("/dist/")) return true;
@@ -125,7 +137,7 @@ let exclusionsConfig = null;
 function loadExclusions() {
   if (exclusionsConfig) return exclusionsConfig;
   try {
-    const configPath = path.join(__dirname, '../../config/ast-exclusions.json');
+    const configPath = path.join(getRepoRoot(), 'config', 'ast-exclusions.json');
     if (fs.existsSync(configPath)) {
       exclusionsConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
     }

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -22,7 +22,7 @@ function formatLocalTimestamp(date = new Date()) {
 }
 
 const astModulesPath = __dirname;
-const { createProject, platformOf, mapToLevel } = require(path.join(astModulesPath, "ast-core"));
+const { createProject, platformOf, mapToLevel, shouldIgnore: coreShouldIgnore } = require(path.join(astModulesPath, "ast-core"));
 const MacOSNotificationAdapter = require(path.join(__dirname, '../adapters/MacOSNotificationAdapter'));
 const { runBackendIntelligence } = require(path.join(astModulesPath, "backend/ast-backend"));
 const { runFrontendIntelligence } = require(path.join(astModulesPath, "frontend/ast-frontend"));
@@ -138,8 +138,6 @@ function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
     if (p.includes('/build/')) return true;
     if (p.includes('/coverage/')) return true;
     if (p.includes('/.audit_tmp/')) return true;
-    if (p.includes('/infrastructure/ast/')) return true;
-    if (p.includes('/scripts/hooks-system/')) return true;
     return false;
   };
 
@@ -706,6 +704,7 @@ function listSourceFiles(root) {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
+  if (typeof coreShouldIgnore === 'function' && coreShouldIgnore(p)) return true;
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.cursor/")) return true;
   if (/\.bak/i.test(p)) return true;

package/scripts/hooks-system/infrastructure/ast/backend/ast-backend.js

@@ -126,13 +126,10 @@ function runBackendIntelligence(project, findings, platform) {
         return;
       }
       // NO excluir archivos AST - la librería debe auto-auditarse
-      if (isTestFile(filePath)) return;
-
       sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        const isTestClass = /Spec$|Test$|Mock/.test(className);
-        if (isValueObject || isTestClass) return;
+        if (isValueObject) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;

package/scripts/hooks-system/infrastructure/ast/backend/detectors/god-class-detector.js

@@ -7,8 +7,7 @@ function analyzeGodClasses(sourceFile, findings, { SyntaxKind, pushFinding, godC
     sourceFile.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        const isTestClass = /Spec$|Test$|Mock/.test(className);
-        if (isValueObject || isTestClass) return;
+        if (isValueObject) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSEnterpriseAnalyzer.js

@@ -1,7 +1,7 @@
 const path = require('path');
 const fs = require('fs').promises;
 const { SourceKittenParser } = require('../parsers/SourceKittenParser');
-const { pushFinding, mapToLevel } = require(path.join(__dirname, '../../ast-core'));
+const checks = require('./iOSEnterpriseChecks');
 
 class iOSEnterpriseAnalyzer {
   constructor() {
@@ -9,230 +9,6 @@ class iOSEnterpriseAnalyzer {
     this.findings = [];
   }
 
-  async analyzeFile(filePath, findings) {
-    this.findings = findings;
-
-    try {
-      const ast = await this.parser.parseFile(filePath);
-
-      if (!ast.parsed) {
-        console.warn(`[iOS Enterprise] Could not parse ${filePath}: ${ast.error}`);
-        return;
-      }
-
-      const content = await fs.readFile(filePath, 'utf-8');
-
-      const classes = this.parser.extractClasses(ast);
-      const functions = this.parser.extractFunctions(ast);
-      const properties = this.parser.extractProperties(ast);
-      const protocols = this.parser.extractProtocols(ast);
-
-      await this.analyzeSwiftModerno(ast, content, filePath);
-      await this.analyzeSwiftUI(ast, classes, filePath);
-      await this.analyzeUIKit(ast, classes, filePath);
-      await this.analyzeProtocolOriented(protocols, filePath);
-      await this.analyzeValueTypes(classes, filePath);
-      await this.analyzeMemoryManagement(content, filePath);
-      await this.analyzeOptionals(content, filePath);
-      await this.analyzeDependencyInjection(classes, filePath);
-      await this.analyzeNetworking(content, filePath);
-      await this.analyzePersistence(content, filePath);
-      await this.analyzeCombine(content, filePath);
-      await this.analyzeConcurrency(content, filePath);
-      await this.analyzeTesting(content, filePath);
-      await this.analyzeUITesting(content, filePath);
-      await this.analyzeSecurity(content, filePath);
-      await this.analyzeAccessibility(content, filePath);
-      await this.analyzeLocalization(content, filePath);
-      await this.analyzeArchitecturePatterns(classes, functions, filePath);
-      await this.analyzePerformance(functions, content, filePath);
-      await this.analyzeCodeOrganization(filePath, content);
-
-    } catch (error) {
-      console.error(`[iOS Enterprise] Error analyzing ${filePath}:`, error.message);
-    }
-  }
-
-  async analyzeSwiftModerno(ast, content, filePath) {
-    if (content.includes('completion:') && !content.includes('async ')) {
-      this.addFinding('ios.async_await_missing', 'medium', filePath, 1,
-        'Using completion handlers instead of async/await (Swift 5.9+ required)');
-    }
-
-    const taskCount = (content.match(/\bTask\s*\{/g) || []).length;
-    if (taskCount > 3 && !content.includes('TaskGroup')) {
-      this.addFinding('ios.structured_concurrency_missing', 'medium', filePath, 1,
-        `Multiple Task blocks (${taskCount}) without TaskGroup - use structured concurrency`);
-    }
-
-    if (content.includes('actor ') && !content.includes(': Sendable')) {
-      this.addFinding('ios.sendable_missing', 'low', filePath, 1,
-        'Actor should conform to Sendable protocol for thread-safe types');
-    }
-
-    if (content.includes('func ') && content.includes('-> View') && !content.includes('some View')) {
-      this.addFinding('ios.opaque_types_missing', 'low', filePath, 1,
-        'Use "some View" instead of explicit View protocol return');
-    }
-
-    if (content.includes('UIViewController') && !content.includes('@State') && !content.includes('@Binding')) {
-      this.addFinding('ios.property_wrappers_missing', 'info', filePath, 1,
-        'Consider using SwiftUI property wrappers (@State, @Binding) for state management');
-    }
-
-    const functions = this.parser.extractFunctions(ast);
-    functions.forEach(fn => {
-      if (fn.name.includes('Array') || fn.name.includes('Collection')) {
-        if (!content.includes('<T>') && !content.includes('<Element>')) {
-          this.addFinding('ios.generics_missing', 'low', filePath, fn.line,
-            `Function ${fn.name} should use generics for type safety`);
-        }
-      }
-    });
-  }
-
-  async analyzeSwiftUI(ast, classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-    const usesSwiftUI = this.parser.usesSwiftUI(ast);
-    const usesUIKit = this.parser.usesUIKit(ast);
-
-    if (usesUIKit && !usesSwiftUI) {
-      this.addFinding('ios.swiftui_first', 'medium', filePath, 1,
-        'Consider migrating to SwiftUI for new views (UIKit only when strictly necessary)');
-    }
-
-    if (usesSwiftUI) {
-      if (!content.includes('@State')) {
-        this.addFinding('ios.state_local_missing', 'info', filePath, 1,
-          'SwiftUI view without @State - consider if local state is needed');
-      }
-
-      if (content.includes('ObservableObject') && !content.includes('@StateObject')) {
-        this.addFinding('ios.stateobject_missing', 'high', filePath, 1,
-          'ObservableObject should be owned with @StateObject, not @ObservedObject');
-      }
-
-      if (content.includes('class') && content.includes('ObservableObject') && !content.includes('@EnvironmentObject')) {
-        this.addFinding('ios.environmentobject_missing', 'info', filePath, 1,
-          'Consider using @EnvironmentObject for dependency injection in SwiftUI');
-      }
-
-      if (content.includes('.frame(') && content.includes('CGRect(')) {
-        this.addFinding('ios.declarativo_missing', 'medium', filePath, 1,
-          'Using imperative CGRect in SwiftUI - use declarative .frame() modifiers');
-      }
-
-      const geometryReaderCount = (content.match(/GeometryReader/g) || []).length;
-      if (geometryReaderCount > 2) {
-        this.addFinding('ios.geometryreader_moderation', 'medium', filePath, 1,
-          `Excessive GeometryReader usage (${geometryReaderCount}x) - use only when necessary`);
-      }
-    }
-  }
-
-  async analyzeUIKit(ast, classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    classes.forEach(cls => {
-      if (cls.name.includes('ViewController')) {
-        const linesCount = cls.substructure.length * 10;
-        if (linesCount > 300) {
-          this.addFinding('ios.massive_viewcontrollers', 'high', filePath, cls.line,
-            `Massive ViewController ${cls.name} (~${linesCount} lines) - break down into smaller components`);
-        }
-
-        if (!content.includes('ViewModel')) {
-          this.addFinding('ios.uikit.viewmodel_delegation', 'medium', filePath, cls.line,
-            `ViewController ${cls.name} should delegate logic to ViewModel (MVVM pattern)`);
-        }
-      }
-    });
-
-    if (filePath.endsWith('.swift') && !filePath.includes('analyzer') && !filePath.includes('detector')) {
-      if (content.includes('storyboard') || content.includes('.xib') || content.includes('.nib')) {
-        this.addFinding('ios.storyboards', 'high', filePath, 1,
-          'Storyboard/XIB detected - use programmatic UI for better version control');
-      }
-    }
-  }
-
-  async analyzeProtocolOriented(protocols, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    if (protocols.length > 0 && !content.includes('extension ')) {
-      this.addFinding('ios.pop.missing_extensions', 'low', filePath, 1,
-        'Protocols detected but no extensions - consider protocol extensions for default implementations');
-    }
-
-    if (content.includes('class ') && content.includes(': ')) {
-      const inheritanceCount = (content.match(/class\s+\w+\s*:\s*\w+/g) || []).length;
-      if (inheritanceCount > 2) {
-        this.addFinding('ios.pop.missing_composition_over_inheritance', 'medium', filePath, 1,
-          `Excessive class inheritance (${inheritanceCount}x) - prefer protocol composition`);
-      }
-    }
-  }
-
-  async analyzeValueTypes(classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    classes.forEach(cls => {
-      if (!cls.inheritedTypes.length && !content.includes('ObservableObject')) {
-        this.addFinding('ios.values.classes_instead_structs', 'medium', filePath, cls.line,
-          `Class ${cls.name} without inheritance - consider struct for value semantics`);
-      }
-    });
-
-    const varCount = (content.match(/\bvar\s+/g) || []).length;
-    const letCount = (content.match(/\blet\s+/g) || []).length;
-    if (varCount > letCount) {
-      this.addFinding('ios.values.mutability', 'low', filePath, 1,
-        `More var (${varCount}) than let (${letCount}) - prefer immutability`);
-    }
-  }
-
-  async analyzeMemoryManagement(content, filePath) {
-    const closureMatches = content.match(/\{\s*\[/g);
-    const weakSelfMatches = content.match(/\[weak self\]/g);
-    if (closureMatches && closureMatches.length > (weakSelfMatches?.length || 0)) {
-      this.addFinding('ios.memory.missing_weak_self', 'high', filePath, 1,
-        'Closures without [weak self] - potential retain cycles');
-    }
-
-    if (content.includes('self.') && content.includes('{') && !content.includes('[weak self]')) {
-      this.addFinding('ios.memory.retain_cycles', 'high', filePath, 1,
-        'Potential retain cycle - closure captures self without [weak self]');
-    }
-
-    if (content.includes('class ') && !content.includes('deinit')) {
-      this.addFinding('ios.memory.missing_deinit', 'low', filePath, 1,
-        'Class without deinit - consider adding for cleanup verification');
-    }
-  }
-
-  async analyzeOptionals(content, filePath) {
-    const forceUnwraps = content.match(/(\w+)\s*!/g);
-    if (forceUnwraps && forceUnwraps.length > 0) {
-      const nonIBOutlets = forceUnwraps.filter(match => !content.includes(`@IBOutlet`));
-      if (nonIBOutlets.length > 0) {
-        this.addFinding('ios.force_unwrapping', 'high', filePath, 1,
-          `Force unwrapping (!) detected ${nonIBOutlets.length}x - use if let or guard let`);
-      }
-    }
-
-    const ifLetCount = (content.match(/if\s+let\s+/g) || []).length;
-    const guardLetCount = (content.match(/guard\s+let\s+/g) || []).length;
-    if (ifLetCount === 0 && guardLetCount === 0 && content.includes('?')) {
-      this.addFinding('ios.optionals.optional_binding', 'medium', filePath, 1,
-        'Optionals present but no optional binding - use if let or guard let');
-    }
-
-    if (content.includes('?') && !content.includes('??')) {
-      this.addFinding('ios.optionals.missing_nil_coalescing', 'info', filePath, 1,
-        'Consider using nil coalescing operator (??) for default values');
-    }
-  }
-
   addFinding(ruleId, severity, filePath, line, message) {
     this.findings.push({
       ruleId,
@@ -244,180 +20,41 @@ class iOSEnterpriseAnalyzer {
     });
   }
 
-  async analyzeDependencyInjection(classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    if (content.includes('.shared') || content.includes('static let shared')) {
-      this.addFinding('ios.di.singleton_usage', 'high', filePath, 1,
-        'Singleton detected - use dependency injection instead');
-    }
-
-    classes.forEach(cls => {
-      if (cls.name.includes('ViewModel') || cls.name.includes('Service')) {
-        const hasInit = content.includes(`init(`);
-        if (!hasInit) {
-          this.addFinding('ios.di.missing_protocol_injection', 'medium', filePath, cls.line,
-            `${cls.name} should inject dependencies via initializer`);
-        }
-      }
-    });
-
-    if (content.includes('init(') && content.match(/init\([^)]{50,}\)/)) {
-      this.addFinding('ios.di.missing_factory', 'low', filePath, 1,
-        'Complex initialization - consider factory pattern');
-    }
-  }
-
-  async analyzeNetworking(content, filePath) {
-    if (String(filePath || '').endsWith('/Package.swift') || String(filePath || '').endsWith('Package.swift')) {
-      return;
-    }
-    if (!content.includes('URLSession') && !content.includes('Alamofire')) {
-      if (content.includes('http://') || content.includes('https://')) {
-        this.addFinding('ios.networking.missing_urlsession', 'high', filePath, 1,
-          'Network URLs detected but no URLSession/Alamofire usage');
+  async analyzeFile(filePath, findings) {
+    this.findings = findings;
+    try {
+      const ast = await this.parser.parseFile(filePath);
+      if (!ast.parsed) {
+        console.warn(`[iOS Enterprise] Could not parse ${filePath}: ${ast.error}`);
+        return;
       }
-    }
-
-    if (content.includes('URLSession') && content.includes('completionHandler:') && !content.includes('async')) {
-      this.addFinding('ios.networking.completion_handlers_instead_async', 'medium', filePath, 1,
-        'Using completion handlers with URLSession - migrate to async/await');
-    }
-
-    if (content.includes('JSONSerialization') && !content.includes('Codable')) {
-      this.addFinding('ios.networking.missing_codable', 'medium', filePath, 1,
-        'Manual JSON parsing - use Codable for type safety');
-    }
-
-    if (content.includes('URLSession') && !content.includes('NetworkError')) {
-      this.addFinding('ios.networking.missing_error_handling', 'high', filePath, 1,
-        'Network code without custom NetworkError enum');
-    }
-
-    // Check for SSL pinning implementation
-    const hasSSLPinningImplementation =
-      content.includes('serverTrustPolicy') ||
-      content.includes('pinning') ||
-      (content.includes('URLSessionDelegate') && content.includes('URLAuthenticationChallenge'));
-
-    if (content.includes('URLSession') && !hasSSLPinningImplementation) {
-      this.addFinding('ios.networking.missing_ssl_pinning', 'medium', filePath, 1,
-        'Consider SSL pinning for high-security apps');
-    }
-
-    if (content.includes('URLSession') && !content.includes('retry')) {
-      this.addFinding('ios.networking.missing_retry', 'low', filePath, 1,
-        'Network requests without retry logic');
-    }
-  }
-
-  async analyzePersistence(content, filePath) {
-    if (content.includes('UserDefaults') && (content.includes('password') || content.includes('token') || content.includes('auth'))) {
-      this.addFinding('ios.persistence.userdefaults_sensitive', 'critical', filePath, 1,
-        'Sensitive data in UserDefaults - use Keychain instead');
-    }
-
-    if ((content.includes('password') || content.includes('token')) && !content.includes('Keychain') && !content.includes('Security')) {
-      this.addFinding('ios.persistence.missing_keychain', 'critical', filePath, 1,
-        'Sensitive data detected but no Keychain usage');
-    }
 
-    if (content.includes('NSManagedObjectContext') && content.includes('.main')) {
-      this.addFinding('ios.persistence.core_data_on_main', 'high', filePath, 1,
-        'Core Data operations on main thread - use background context');
-    }
-
-    if (content.includes('NSPersistentContainer') && !content.includes('NSMigrationManager')) {
-      this.addFinding('ios.persistence.missing_migration', 'medium', filePath, 1,
-        'Core Data without migration strategy');
-    }
-  }
-
-  async analyzeCombine(content, filePath) {
-    if (content.includes('.sink(') && !content.includes('AnyCancellable')) {
-      this.addFinding('ios.combine.missing_cancellables', 'high', filePath, 1,
-        'Combine sink without storing AnyCancellable - memory leak');
-    }
-
-    if (content.includes('@Published') && !content.includes('import Combine')) {
-      this.addFinding('ios.combine.published_without_combine', 'high', filePath, 1,
-        '@Published used but Combine not imported');
-    }
-
-    if (content.includes('.sink(') && !content.includes('receiveCompletion')) {
-      this.addFinding('ios.combine.error_handling', 'medium', filePath, 1,
-        'Combine subscriber without error handling (receiveCompletion)');
-    }
-
-    if (content.includes('Future<') && !content.includes('async')) {
-      this.addFinding('ios.combine.prefer_async_await', 'low', filePath, 1,
-        'Combine Future for single value - consider async/await instead');
-    }
-  }
-
-  async analyzeConcurrency(content, filePath) {
-    if (content.includes('DispatchQueue') && !content.includes('async func')) {
-      this.addFinding('ios.concurrency.dispatchqueue_old', 'medium', filePath, 1,
-        'Using DispatchQueue - prefer async/await for new code');
-    }
-
-    if (content.includes('DispatchQueue.main') && content.includes('UI')) {
-      this.addFinding('ios.concurrency.missing_mainactor', 'medium', filePath, 1,
-        'Manual main thread dispatch - use @MainActor annotation');
-    }
-
-    if (content.includes('Task {') && !content.includes('.cancel()') && !content.includes('Task.isCancelled')) {
-      this.addFinding('ios.concurrency.task_cancellation', 'low', filePath, 1,
-        'Task without cancellation handling');
-    }
-
-    if (content.includes('var ') && content.includes('queue') && !content.includes('actor')) {
-      this.addFinding('ios.concurrency.actor_missing', 'medium', filePath, 1,
-        'Manual synchronization with queue - consider actor for thread safety');
-    }
-  }
-
-  async analyzeTesting(content, filePath) {
-    if (filePath.includes('Test') && !content.includes('XCTest') && !content.includes('Quick')) {
-      this.addFinding('ios.testing.missing_xctest', 'high', filePath, 1,
-        'Test file without XCTest or Quick import');
-    }
-
-    if (filePath.includes('Test') && !content.includes('makeSUT') && content.includes('func test')) {
-      this.addFinding('ios.testing.missing_makesut', 'medium', filePath, 1,
-        'Test without makeSUT pattern - centralize system under test creation');
-    }
-
-    if (filePath.includes('Test') && !content.includes('trackForMemoryLeaks') && content.includes('class')) {
-      this.addFinding('ios.testing.missing_memory_leak_tracking', 'medium', filePath, 1,
-        'Test without trackForMemoryLeaks helper');
-    }
-
-    if (filePath.includes('Test') && content.includes('init(') && !content.includes('Protocol')) {
-      this.addFinding('ios.testing.concrete_dependencies', 'medium', filePath, 1,
-        'Test using concrete dependencies - inject protocols for testability');
-    }
-  }
-
-  async analyzeUITesting(content, filePath) {
-    if (filePath.includes('UITest') && !content.includes('XCUIApplication')) {
-      this.addFinding('ios.uitesting.missing_xcuitest', 'high', filePath, 1,
-        'UI test file without XCUIApplication');
-    }
-
-    if (filePath.includes('UITest') && !content.includes('accessibilityIdentifier')) {
-      this.addFinding('ios.uitesting.missing_accessibility', 'medium', filePath, 1,
-        'UI test without accessibility identifiers for element location');
-    }
-
-    if (filePath.includes('UITest') && content.includes('XCUIElement') && !content.includes('Page')) {
-      this.addFinding('ios.uitesting.missing_page_object', 'low', filePath, 1,
-        'UI test without Page Object pattern for encapsulation');
-    }
-
-    if (filePath.includes('UITest') && content.includes('.tap()') && !content.includes('waitForExistence')) {
-      this.addFinding('ios.uitesting.missing_wait', 'high', filePath, 1,
-        'UI test tapping without waitForExistence - flaky test');
+      const content = await fs.readFile(filePath, 'utf-8');
+      const classes = this.parser.extractClasses(ast) || [];
+      const functions = this.parser.extractFunctions(ast) || [];
+      const protocols = this.parser.extractProtocols(ast) || [];
+      const usesSwiftUI = typeof this.parser.usesSwiftUI === 'function' ? this.parser.usesSwiftUI(ast) : false;
+      const usesUIKit = typeof this.parser.usesUIKit === 'function' ? this.parser.usesUIKit(ast) : false;
+
+      const add = (ruleId, severity, line, message) =>
+        this.addFinding(ruleId, severity, filePath, line, message);
+
+      checks.analyzeSwiftModerno({ content, functions, filePath, addFinding: add });
+      checks.analyzeSwiftUI({ usesSwiftUI, usesUIKit, content, classes, filePath, addFinding: add });
+      checks.analyzeUIKit({ classes, content, filePath, addFinding: add });
+      checks.analyzeProtocolOriented({ protocols, content, filePath, addFinding: add });
+      checks.analyzeValueTypes({ classes, content, filePath, addFinding: add });
+      checks.analyzeMemoryManagement({ content, filePath, addFinding: add });
+      checks.analyzeOptionals({ content, filePath, addFinding: add });
+      checks.analyzeDependencyInjection({ classes, content, filePath, addFinding: add });
+      checks.analyzeNetworking({ content, filePath, addFinding: add });
+      checks.analyzePersistence({ content, filePath, addFinding: add });
+      checks.analyzeCombine({ content, filePath, addFinding: add });
+      checks.analyzeConcurrency({ content, filePath, addFinding: add });
+      checks.analyzeTesting({ content, filePath, addFinding: add });
+      checks.analyzeUITesting({ content, filePath, addFinding: add });
+    } catch (error) {
+      console.error(`[iOS Enterprise] Error analyzing ${filePath}:`, error.message);
     }
   }
 

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSEnterpriseChecks.js

@@ -0,0 +1,350 @@
+function analyzeSwiftModerno({ content, functions = [], filePath, addFinding }) {
+    if (content.includes('completion:') && !content.includes('async ')) {
+        addFinding('ios.async_await_missing', 'medium', filePath, 1,
+            'Using completion handlers instead of async/await (Swift 5.9+ required)');
+    }
+
+    const taskCount = (content.match(/\bTask\s*\{/g) || []).length;
+    if (taskCount > 3 && !content.includes('TaskGroup')) {
+        addFinding('ios.structured_concurrency_missing', 'medium', filePath, 1,
+            `Multiple Task blocks (${taskCount}) without TaskGroup - use structured concurrency`);
+    }
+
+    if (content.includes('actor ') && !content.includes(': Sendable')) {
+        addFinding('ios.sendable_missing', 'low', filePath, 1,
+            'Actor should conform to Sendable protocol for thread-safe types');
+    }
+
+    if (content.includes('func ') && content.includes('-> View') && !content.includes('some View')) {
+        addFinding('ios.opaque_types_missing', 'low', filePath, 1,
+            'Use "some View" instead of explicit View protocol return');
+    }
+
+    if (content.includes('UIViewController') && !content.includes('@State') && !content.includes('@Binding') && !content.includes('@ObservedObject')) {
+        addFinding('ios.property_wrappers_missing', 'info', filePath, 1,
+            'Consider using SwiftUI property wrappers (@State, @Binding, @ObservedObject) for state management');
+    }
+
+    const extractedFunctions = parser.extractFunctions ? parser.extractFunctions({ parsed: true }) || [] : [];
+    extractedFunctions.forEach(fn => {
+        if (fn.name.includes('Array') || fn.name.includes('Collection')) {
+            if (!content.includes('<T>') && !content.includes('<Element>')) {
+                addFinding('ios.generics_missing', 'low', filePath, fn.line,
+                    `Function ${fn.name} should use generics for type safety`);
+            }
+        }
+    });
+}
+
+async function analyzeSwiftUI({ usesSwiftUI, usesUIKit, content, classes, filePath, addFinding }) {
+    if (usesUIKit && !usesSwiftUI) {
+        addFinding('ios.swiftui_first', 'medium', filePath, 1,
+            'Consider migrating to SwiftUI for new views (UIKit only when strictly necessary)');
+    }
+
+    if (usesSwiftUI) {
+        if (!content.includes('@State')) {
+            addFinding('ios.state_local_missing', 'info', filePath, 1,
+                'SwiftUI view without @State - consider if local state is needed');
+        }
+
+        if (content.includes('ObservableObject') && !content.includes('@StateObject')) {
+            addFinding('ios.stateobject_missing', 'high', filePath, 1,
+                'ObservableObject should be owned with @StateObject, not @ObservedObject');
+        }
+
+        if (content.includes('class') && content.includes('ObservableObject') && !content.includes('@EnvironmentObject')) {
+            addFinding('ios.environmentobject_missing', 'info', filePath, 1,
+                'Consider using @EnvironmentObject for dependency injection in SwiftUI');
+        }
+
+        if (content.includes('.frame(') && content.includes('CGRect(')) {
+            addFinding('ios.declarativo_missing', 'medium', filePath, 1,
+                'Using imperative CGRect in SwiftUI - use declarative .frame() modifiers');
+        }
+
+        const geometryReaderCount = (content.match(/GeometryReader/g) || []).length;
+        if (geometryReaderCount > 2) {
+            addFinding('ios.geometryreader_moderation', 'medium', filePath, 1,
+                `Excessive GeometryReader usage (${geometryReaderCount}x) - use only when necessary`);
+        }
+    }
+}
+
+async function analyzeUIKit({ classes, content, filePath, addFinding }) {
+    classes.forEach(cls => {
+        if (cls.name.includes('ViewController')) {
+            const linesCount = cls.substructure.length * 10;
+            if (linesCount > 300) {
+                addFinding('ios.massive_viewcontrollers', 'high', filePath, cls.line,
+                    `Massive ViewController ${cls.name} (~${linesCount} lines) - break down into smaller components`);
+            }
+
+            if (!content.includes('ViewModel')) {
+                addFinding('ios.uikit.viewmodel_delegation', 'medium', filePath, cls.line,
+                    `ViewController ${cls.name} should delegate logic to ViewModel (MVVM pattern)`);
+            }
+        }
+    });
+
+    if (filePath.endsWith('.swift') && !filePath.includes('analyzer') && !filePath.includes('detector')) {
+        if (content.includes('storyboard') || content.includes('.xib') || content.includes('.nib')) {
+            addFinding('ios.storyboards', 'high', filePath, 1,
+                'Storyboard/XIB detected - use programmatic UI for better version control');
+        }
+    }
+}
+
+async function analyzeProtocolOriented({ protocols, content, filePath, addFinding }) {
+    if (protocols.length > 0 && !content.includes('extension ')) {
+        addFinding('ios.pop.missing_extensions', 'low', filePath, 1,
+            'Protocols detected but no extensions - consider protocol extensions for default implementations');
+    }
+
+    if (content.includes('class ') && content.includes(': ')) {
+        const inheritanceCount = (content.match(/class\s+\w+\s*:\s*\w+/g) || []).length;
+        if (inheritanceCount > 2) {
+            addFinding('ios.pop.missing_composition_over_inheritance', 'medium', filePath, 1,
+                `Excessive class inheritance (${inheritanceCount}x) - prefer protocol composition`);
+        }
+    }
+}
+
+async function analyzeValueTypes({ classes, content, filePath, addFinding }) {
+    classes.forEach(cls => {
+        if (!cls.inheritedTypes.length && !content.includes('ObservableObject')) {
+            addFinding('ios.values.classes_instead_structs', 'medium', filePath, cls.line,
+                `Class ${cls.name} without inheritance - consider struct for value semantics`);
+        }
+    });
+
+    const varCount = (content.match(/\bvar\s+/g) || []).length;
+    const letCount = (content.match(/\blet\s+/g) || []).length;
+    if (varCount > letCount) {
+        addFinding('ios.values.mutability', 'low', filePath, 1,
+            `More var (${varCount}) than let (${letCount}) - prefer immutability`);
+    }
+}
+
+function analyzeMemoryManagement({ content, filePath, addFinding }) {
+    const closureMatches = content.match(/\{\s*\[/g);
+    const weakSelfMatches = content.match(/\[weak self\]/g);
+    if (closureMatches && closureMatches.length > (weakSelfMatches?.length || 0)) {
+        addFinding('ios.memory.missing_weak_self', 'high', filePath, 1,
+            'Closures without [weak self] - potential retain cycles');
+    }
+
+    if (content.includes('self.') && content.includes('{') && !content.includes('[weak self]')) {
+        addFinding('ios.memory.retain_cycles', 'high', filePath, 1,
+            'Potential retain cycle - closure captures self without [weak self]');
+    }
+
+    if (content.includes('class ') && !content.includes('deinit')) {
+        addFinding('ios.memory.missing_deinit', 'low', filePath, 1,
+            'Class without deinit - consider adding for cleanup verification');
+    }
+}
+
+function analyzeOptionals({ content, filePath, addFinding }) {
+    const forceUnwraps = content.match(/(\w+)\s*!/g);
+    if (forceUnwraps && forceUnwraps.length > 0) {
+        const nonIBOutlets = forceUnwraps.filter(match => !content.includes(`@IBOutlet`));
+        if (nonIBOutlets.length > 0) {
+            addFinding('ios.force_unwrapping', 'high', filePath, 1,
+                `Force unwrapping (!) detected ${nonIBOutlets.length}x - use if let or guard let`);
+        }
+    }
+
+    const ifLetCount = (content.match(/if\s+let\s+/g) || []).length;
+    const guardLetCount = (content.match(/guard\s+let\s+/g) || []).length;
+    if (ifLetCount === 0 && guardLetCount === 0 && content.includes('?')) {
+        addFinding('ios.optionals.optional_binding', 'medium', filePath, 1,
+            'Optionals present but no optional binding - use if let or guard let');
+    }
+
+    if (content.includes('?') && !content.includes('??')) {
+        addFinding('ios.optionals.missing_nil_coalescing', 'info', filePath, 1,
+            'Consider using nil coalescing operator (??) for default values');
+    }
+}
+
+async function analyzeDependencyInjection({ classes, content, filePath, addFinding }) {
+    if (content.includes('.shared') || content.includes('static let shared')) {
+        addFinding('ios.di.singleton_usage', 'high', filePath, 1,
+            'Singleton detected - use dependency injection instead');
+    }
+
+    classes.forEach(cls => {
+        if (cls.name.includes('ViewModel') || cls.name.includes('Service')) {
+            const hasInit = content.includes('init(');
+            if (!hasInit) {
+                addFinding('ios.di.missing_protocol_injection', 'medium', filePath, cls.line,
+                    `${cls.name} should inject dependencies via initializer`);
+            }
+        }
+    });
+
+    if (content.includes('init(') && content.match(/init\([^)]{50,}\)/)) {
+        addFinding('ios.di.missing_factory', 'low', filePath, 1,
+            'Complex initialization - consider factory pattern');
+    }
+}
+
+async function analyzeNetworking({ content, filePath, addFinding }) {
+    if (String(filePath || '').endsWith('/Package.swift') || String(filePath || '').endsWith('Package.swift')) {
+        return;
+    }
+    if (!content.includes('URLSession') && !content.includes('Alamofire')) {
+        if (content.includes('http://') || content.includes('https://')) {
+            addFinding('ios.networking.missing_urlsession', 'high', filePath, 1,
+                'Network URLs detected but no URLSession/Alamofire usage');
+        }
+    }
+
+    if (content.includes('URLSession') && content.includes('completionHandler:') && !content.includes('async')) {
+        addFinding('ios.networking.completion_handlers_instead_async', 'medium', filePath, 1,
+            'Using completion handlers with URLSession - migrate to async/await');
+    }
+
+    if (content.includes('JSONSerialization') && !content.includes('Codable')) {
+        addFinding('ios.networking.missing_codable', 'medium', filePath, 1,
+            'Manual JSON parsing - use Codable for type safety');
+    }
+
+    if (content.includes('URLSession') && !content.includes('NetworkError')) {
+        addFinding('ios.networking.missing_error_handling', 'high', filePath, 1,
+            'Network code without custom NetworkError enum');
+    }
+
+    const hasSSLPinningImplementation =
+        content.includes('serverTrustPolicy') ||
+        content.includes('pinning') ||
+        (content.includes('URLSessionDelegate') && content.includes('URLAuthenticationChallenge'));
+
+    if (content.includes('URLSession') && !hasSSLPinningImplementation) {
+        addFinding('ios.networking.missing_ssl_pinning', 'medium', filePath, 1,
+            'Consider SSL pinning for high-security apps');
+    }
+
+    if (content.includes('URLSession') && !content.includes('retry')) {
+        addFinding('ios.networking.missing_retry', 'low', filePath, 1,
+            'Network requests without retry logic');
+    }
+}
+
+async function analyzePersistence({ content, filePath, addFinding }) {
+    if (content.includes('UserDefaults') && (content.includes('password') || content.includes('token') || content.includes('auth'))) {
+        addFinding('ios.persistence.userdefaults_sensitive', 'critical', filePath, 1,
+            'Sensitive data in UserDefaults - use Keychain instead');
+    }
+
+    if ((content.includes('password') || content.includes('token')) && !content.includes('Keychain') && !content.includes('Security')) {
+        addFinding('ios.persistence.missing_keychain', 'critical', filePath, 1,
+            'Sensitive data detected but no Keychain usage');
+    }
+
+    if (content.includes('NSManagedObjectContext') && content.includes('.main')) {
+        addFinding('ios.persistence.core_data_on_main', 'high', filePath, 1,
+            'Core Data operations on main thread - use background context');
+    }
+
+    if (content.includes('NSPersistentContainer') && !content.includes('NSMigrationManager')) {
+        addFinding('ios.persistence.missing_migration', 'medium', filePath, 1,
+            'Core Data without migration strategy');
+    }
+}
+
+function analyzeCombine({ content, filePath, addFinding }) {
+    if (content.includes('.sink(') && !content.includes('AnyCancellable')) {
+        addFinding('ios.combine.missing_cancellables', 'high', filePath, 1,
+            'Combine sink without storing AnyCancellable - memory leak');
+    }
+
+    if (content.includes('@Published') && !content.includes('import Combine')) {
+        addFinding('ios.combine.published_without_combine', 'high', filePath, 1,
+            '@Published used but Combine not imported');
+    }
+
+    if (content.includes('.sink(') && !content.includes('receiveCompletion')) {
+        addFinding('ios.combine.error_handling', 'medium', filePath, 1,
+            'Combine subscriber without error handling (receiveCompletion)');
+    }
+
+    if (content.includes('Future<') && !content.includes('async')) {
+        addFinding('ios.combine.prefer_async_await', 'low', filePath, 1,
+            'Combine Future for single value - consider async/await instead');
+    }
+}
+
+function analyzeConcurrency({ content, filePath, addFinding }) {
+    if (content.includes('DispatchQueue') && !content.includes('async func')) {
+        addFinding('ios.concurrency.dispatchqueue_old', 'medium', filePath, 1,
+            'Using DispatchQueue - prefer async/await for new code');
+    }
+
+    if (content.includes('DispatchQueue.main') && content.includes('UI')) {
+        addFinding('ios.concurrency.missing_mainactor', 'medium', filePath, 1,
+            'Manual main thread dispatch - use @MainActor annotation');
+    }
+
+    if (content.includes('Task {') && !content.includes('.cancel()') && !content.includes('Task.isCancelled')) {
+        addFinding('ios.concurrency.task_cancellation', 'low', filePath, 1,
+            'Task without cancellation handling');
+    }
+
+    if (content.includes('var ') && content.includes('queue') && !content.includes('actor')) {
+        addFinding('ios.concurrency.actor_missing', 'medium', filePath, 1,
+            'Manual synchronization with queue - consider actor for thread safety');
+    }
+}
+
+function analyzeTesting({ content, filePath, addFinding }) {
+    if (filePath.includes('Test') && !content.includes('XCTest') && !content.includes('Quick')) {
+        addFinding('ios.testing.missing_xctest', 'high', filePath, 1,
+            'Test file without XCTest or Quick import');
+    }
+
+    if (filePath.includes('Test') && !content.includes('makeSUT') && content.includes('func test')) {
+        addFinding('ios.testing.missing_makesut', 'medium', filePath, 1,
+            'Test without makeSUT pattern - centralize system under test creation');
+    }
+
+    if (filePath.includes('Test') && !content.includes('trackForMemoryLeaks') && content.includes('class')) {
+        addFinding('ios.testing.missing_memory_leak_tracking', 'medium', filePath, 1,
+            'Test without trackForMemoryLeaks helper');
+    }
+
+    if (filePath.includes('Test') && content.includes('init(') && !content.includes('Protocol')) {
+        addFinding('ios.testing.concrete_dependencies', 'medium', filePath, 1,
+            'Test using concrete dependencies - inject protocols for testability');
+    }
+}
+
+function analyzeUITesting({ content, filePath, addFinding }) {
+    if (filePath.includes('UITest') && !content.includes('XCTest')) {
+        addFinding('ios.uitesting.missing_xctest', 'medium', filePath, 1,
+            'UI Test without XCTest import');
+    }
+
+    if (filePath.includes('UITest') && !content.includes('XCUIApplication')) {
+        addFinding('ios.uitesting.missing_application_launch', 'medium', filePath, 1,
+            'UI Test missing XCUIApplication launch');
+    }
+}
+
+module.exports = {
+    analyzeSwiftModerno,
+    analyzeSwiftUI,
+    analyzeUIKit,
+    analyzeProtocolOriented,
+    analyzeValueTypes,
+    analyzeMemoryManagement,
+    analyzeOptionals,
+    analyzeDependencyInjection,
+    analyzeNetworking,
+    analyzePersistence,
+    analyzeCombine,
+    analyzeConcurrency,
+    analyzeTesting,
+    analyzeUITesting,
+};

package/scripts/hooks-system/infrastructure/orchestration/__tests__/intelligent-audit.spec.js

@@ -11,6 +11,22 @@ describe('intelligent-audit', () => {
     const mod = require('../intelligent-audit');
     expect(typeof mod.runIntelligentAudit).toBe('function');
   });
+
+  it('should filter staged violations strictly (no substring matches, no .audit_tmp)', () => {
+    const mod = require('../intelligent-audit');
+
+    expect(typeof mod.isViolationInStagedFiles).toBe('function');
+
+    const stagedSet = new Set([
+      'apps/ios/Application/AppCoordinator.swift'
+    ]);
+
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator.swift', stagedSet)).toBe(true);
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator.swift.backup', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('.audit_tmp/AppCoordinator.123.staged.swift', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('some/dir/.audit_tmp/AppCoordinator.123.staged.swift', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator', stagedSet)).toBe(false);
+  });
 });
 
 describe('AI_EVIDENCE.json structure validation', () => {

package/scripts/hooks-system/infrastructure/orchestration/intelligent-audit.js

@@ -561,7 +561,7 @@ async function updateAIEvidence(violations, gateResult, tokenUsage) {
           file: v.filePath || v.file || 'unknown',
           line: v.line || null,
           severity: v.severity,
-          rule: ruleId,
+          rule_id: ruleId,
           message: v.message || v.description || '',
           category: v.category || deriveCategoryFromRuleId(ruleId),
           intelligent_evaluation: v.intelligentEvaluation || false,

package/scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh

@@ -25,6 +25,7 @@ AUTO_MERGE_PR=${GITFLOW_AUTO_MERGE:-false}
 PR_BASE_BRANCH=${GITFLOW_PR_BASE:-develop}
 STRICT_ATOMIC=${GITFLOW_STRICT_ATOMIC:-true}
 REQUIRE_TEST_RELATIONS=${GITFLOW_REQUIRE_TESTS:-true}
+STRICT_CHECK=${GITFLOW_STRICT_CHECK:-false}
 
 print_section() {
   printf "${BLUE}═══════════════════════════════════════════════════════════════${NC}\n"
@@ -167,12 +168,17 @@ verify_atomic_commit() {
     return 0
   fi
 
-  mapfile -t files < <($GIT_BIN diff --name-only "${commit}^..${commit}")
+  local files=()
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    files+=("$file")
+  done < <($GIT_BIN diff --name-only "${commit}^..${commit}")
   if [[ "${#files[@]}" -eq 0 ]]; then
     return 0
   fi
 
-  declare -A roots=()
+  local roots_list
+  roots_list=()
   for file in "${files[@]}"; do
     local root="${file%%/*}"
     if [[ "$root" == "$file" ]]; then
@@ -186,12 +192,37 @@ verify_atomic_commit() {
         root="(root)"
         ;;
     esac
-    roots["$root"]=1
+
+    local seen=0
+    local existing
+    if (( ${#roots_list[@]:-0} > 0 )); then
+      for existing in "${roots_list[@]}"; do
+        if [[ "$existing" == "$root" ]]; then
+          seen=1
+          break
+        fi
+      done
+    fi
+    if [[ "$seen" -eq 0 ]]; then
+      roots_list+=("$root")
+    fi
   done
 
-  local root_count=${#roots[@]}
+  local root_count=${#roots_list[@]}
   if (( root_count > 1 )); then
-    printf "${RED}❌ Commit %s toca múltiples raíces (%s). Divide los cambios en commits atómicos.${NC}\n" "$commit" "$(printf "%s " "${!roots[@]}")"
+    local has_scripts=0
+    local has_tests=0
+    for root in "${roots_list[@]}"; do
+      [[ "$root" == "scripts" ]] && has_scripts=1
+      [[ "$root" == "tests" ]] && has_tests=1
+    done
+    
+    if [[ $has_scripts -eq 1 && $has_tests -eq 1 && $root_count -eq 2 ]]; then
+      printf "${GREEN}✅ Commit %s toca scripts + tests (permitido para bugfixes/features con tests).${NC}\n" "$commit"
+      return 0
+    fi
+    
+    printf "${RED}❌ Commit %s toca múltiples raíces (%s). Divide los cambios en commits atómicos.${NC}\n" "$commit" "$(printf "%s " "${roots_list[@]}")"
     return 1
   fi
   if (( root_count == 0 )); then
@@ -199,7 +230,7 @@ verify_atomic_commit() {
     return 0
   fi
   local root_name
-  for root_name in "${!roots[@]}"; do
+  for root_name in "${roots_list[@]}"; do
     printf "${GREEN}✅ Commit %s cumple atomicidad (raíz %s).${NC}\n" "$commit" "$root_name"
   done
   return 0
@@ -219,7 +250,11 @@ verify_pending_commits_atomic() {
     return $?
   fi
 
-  mapfile -t commits < <($GIT_BIN rev-list "${base_ref}..${branch}")
+  local commits=()
+  while IFS= read -r commit; do
+    [[ -z "$commit" ]] && continue
+    commits+=("$commit")
+  done < <($GIT_BIN rev-list "${base_ref}..${branch}")
   local failed=0
   for commit in "${commits[@]}"; do
     if ! verify_atomic_commit "$commit"; then
@@ -349,22 +384,50 @@ cmd_check() {
   local branch
   branch=$(current_branch)
   printf "${CYAN}📍 Rama actual: %s${NC}\n" "$branch"
-  ensure_evidence_fresh || true
-  lint_hooks_system || true
-  run_mobile_checks || true
+  local failed=0
+
+  if [[ "${STRICT_CHECK}" == "true" ]]; then
+    ensure_evidence_fresh || failed=1
+    lint_hooks_system || failed=1
+    run_mobile_checks || failed=1
+  else
+    ensure_evidence_fresh || true
+    lint_hooks_system || true
+    run_mobile_checks || true
+  fi
   print_sync_table
   print_cleanup_candidates
-  verify_atomic_commit "HEAD" || true
-  if [[ "$REQUIRE_TEST_RELATIONS" == "true" ]]; then
-    verify_related_files_commit "HEAD" || true
+  if [[ "${STRICT_CHECK}" == "true" ]]; then
+    verify_atomic_commit "HEAD" || failed=1
+    if [[ "$REQUIRE_TEST_RELATIONS" == "true" ]]; then
+      verify_related_files_commit "HEAD" || failed=1
+    fi
+    if ! verify_pending_commits_atomic "$branch"; then
+      failed=1
+    fi
+    if [[ "$REQUIRE_TEST_RELATIONS" == "true" ]]; then
+      if ! verify_pending_commits_related "$branch"; then
+        failed=1
+      fi
+    fi
+  else
+    verify_atomic_commit "HEAD" || true
+    if [[ "$REQUIRE_TEST_RELATIONS" == "true" ]]; then
+      verify_related_files_commit "HEAD" || true
+    fi
   fi
   local pending
   pending=$(unpushed_commits "$branch")
   if [[ "$pending" != "0" ]]; then
     printf "${YELLOW}⚠️  Commits sin subir (${pending}). Ejecuta git push.${NC}\n"
+    if [[ "${STRICT_CHECK}" == "true" ]]; then
+      failed=1
+    fi
   else
     printf "${GREEN}✅ No hay commits pendientes de push.${NC}\n"
   fi
+
+  return $failed
 }
 
 cmd_cycle() {
@@ -518,8 +581,6 @@ main() {
   esac
 }
 
-main "$@"
-
 is_test_file() {
   local file="$1"
   case "$file" in
@@ -620,10 +681,15 @@ verify_pending_commits_related() {
   local base_ref="origin/${branch}"
 
   if ! $GIT_BIN show-ref --verify --quiet "refs/remotes/origin/${branch}"; then
-    return verify_related_files_commit "HEAD"
+    verify_related_files_commit "HEAD"
+    return $?
   fi
 
-  mapfile -t commits < <($GIT_BIN rev-list "${base_ref}..${branch}")
+  local commits=()
+  while IFS= read -r commit; do
+    [[ -z "$commit" ]] && continue
+    commits+=("$commit")
+  done < <($GIT_BIN rev-list "${base_ref}..${branch}")
   local failed=0
   local commit
   for commit in "${commits[@]}"; do
@@ -633,3 +699,5 @@ verify_pending_commits_related() {
   done
   return $failed
 }
+
+main "$@"