pumuki-ast-hooks 5.5.50 → 5.5.52

package/scripts/hooks-system/application/services/installation/mcp/McpServerConfigBuilder.js

@@ -0,0 +1,103 @@
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+const crypto = require('crypto');
+const env = require('../../../../config/env.js');
+
+function slugifyId(input) {
+    return String(input || '')
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-+|-+$/g, '')
+        .slice(0, 48);
+}
+
+class McpServerConfigBuilder {
+    constructor(targetRoot, hookSystemRoot, logger = null) {
+        this.targetRoot = targetRoot;
+        this.hookSystemRoot = hookSystemRoot;
+        this.logger = logger;
+    }
+
+    build() {
+        const serverId = this.computeServerIdForRepo(this.targetRoot);
+        const entrypoint = this.resolveAutomationEntrypoint();
+        const nodePath = this.resolveNodeBinary();
+
+        const mcpConfig = {
+            mcpServers: {
+                [serverId]: {
+                    command: nodePath,
+                    args: [entrypoint],
+                    env: {
+                        REPO_ROOT: this.targetRoot,
+                        AUTO_COMMIT_ENABLED: 'false',
+                        AUTO_PUSH_ENABLED: 'false',
+                        AUTO_PR_ENABLED: 'false'
+                    }
+                }
+            }
+        };
+
+        return { serverId, mcpConfig };
+    }
+
+    resolveAutomationEntrypoint() {
+        const candidates = [
+            this.hookSystemRoot
+                ? path.join(this.hookSystemRoot, 'infrastructure', 'mcp', 'ast-intelligence-automation.js')
+                : null,
+            path.join(this.targetRoot, 'scripts', 'hooks-system', 'infrastructure', 'mcp', 'ast-intelligence-automation.js')
+        ].filter(Boolean);
+
+        for (const candidate of candidates) {
+            try {
+                if (fs.existsSync(candidate)) return candidate;
+            } catch (error) {
+                this.logger?.warn?.('MCP_ENTRYPOINT_CHECK_FAILED', { candidate, error: error.message });
+            }
+        }
+
+        return path.join(this.targetRoot, 'scripts/hooks-system/infrastructure/mcp/ast-intelligence-automation.js');
+    }
+
+    resolveNodeBinary() {
+        let nodePath = process.execPath;
+        if (nodePath && fs.existsSync(nodePath)) return nodePath;
+
+        try {
+            return execSync('which node', { encoding: 'utf-8' }).trim();
+        } catch (error) {
+            if (process.env.DEBUG) {
+                process.stderr.write(`[MCP] which node failed: ${error && error.message ? error.message : String(error)}\n`);
+            }
+            return 'node';
+        }
+    }
+
+    computeServerIdForRepo(repoRoot) {
+        const legacyServerId = 'ast-intelligence-automation';
+        const forced = (env.get('MCP_SERVER_ID', '') || '').trim();
+        if (forced.length > 0) return forced;
+
+        const repoName = path.basename(repoRoot || process.cwd());
+        const slug = slugifyId(repoName) || 'repo';
+        const fp = this.computeRepoFingerprint(repoRoot);
+        return `${legacyServerId}-${slug}-${fp}`;
+    }
+
+    computeRepoFingerprint(repoRoot) {
+        try {
+            const real = fs.realpathSync(repoRoot);
+            return crypto.createHash('sha1').update(real).digest('hex').slice(0, 8);
+        } catch (error) {
+            if (process.env.DEBUG) {
+                process.stderr.write(`[MCP] computeRepoFingerprint fallback: ${error && error.message ? error.message : String(error)}\n`);
+            }
+            return crypto.createHash('sha1').update(String(repoRoot || '')).digest('hex').slice(0, 8);
+        }
+    }
+}
+
+module.exports = McpServerConfigBuilder;

package/scripts/hooks-system/infrastructure/ast/ast-core.js

@@ -45,18 +45,6 @@ function getRepoRoot() {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
-  try {
-    const configPaths = loadExclusions()?.exclusions?.paths;
-    if (configPaths && typeof configPaths === 'object') {
-      for (const [key, enabled] of Object.entries(configPaths)) {
-        if (enabled && p.includes(key)) return true;
-      }
-    }
-  } catch (error) {
-    if (process.env.DEBUG) {
-      console.debug(`[ast-core] Failed to load exclusions for shouldIgnore: ${error.message || String(error)}`);
-    }
-  }
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.next/")) return true;
   if (p.includes("/dist/")) return true;
@@ -137,7 +125,7 @@ let exclusionsConfig = null;
 function loadExclusions() {
   if (exclusionsConfig) return exclusionsConfig;
   try {
-    const configPath = path.join(getRepoRoot(), 'config', 'ast-exclusions.json');
+    const configPath = path.join(__dirname, '../../config/ast-exclusions.json');
     if (fs.existsSync(configPath)) {
       exclusionsConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
     }

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -22,7 +22,7 @@ function formatLocalTimestamp(date = new Date()) {
 }
 
 const astModulesPath = __dirname;
-const { createProject, platformOf, mapToLevel, shouldIgnore: coreShouldIgnore } = require(path.join(astModulesPath, "ast-core"));
+const { createProject, platformOf, mapToLevel } = require(path.join(astModulesPath, "ast-core"));
 const MacOSNotificationAdapter = require(path.join(__dirname, '../adapters/MacOSNotificationAdapter'));
 const { runBackendIntelligence } = require(path.join(astModulesPath, "backend/ast-backend"));
 const { runFrontendIntelligence } = require(path.join(astModulesPath, "frontend/ast-frontend"));
@@ -138,6 +138,8 @@ function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
     if (p.includes('/build/')) return true;
     if (p.includes('/coverage/')) return true;
     if (p.includes('/.audit_tmp/')) return true;
+    if (p.includes('/infrastructure/ast/')) return true;
+    if (p.includes('/scripts/hooks-system/')) return true;
     return false;
   };
 
@@ -704,7 +706,6 @@ function listSourceFiles(root) {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
-  if (typeof coreShouldIgnore === 'function' && coreShouldIgnore(p)) return true;
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.cursor/")) return true;
   if (/\.bak/i.test(p)) return true;

package/scripts/hooks-system/infrastructure/ast/backend/ast-backend.js

@@ -126,10 +126,13 @@ function runBackendIntelligence(project, findings, platform) {
         return;
       }
       // NO excluir archivos AST - la librería debe auto-auditarse
+      if (isTestFile(filePath)) return;
+
       sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        if (isValueObject) return;
+        const isTestClass = /Spec$|Test$|Mock/.test(className);
+        if (isValueObject || isTestClass) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;
@@ -207,6 +210,9 @@ function runBackendIntelligence(project, findings, platform) {
 
     if (platformOf(filePath) !== "backend") return;
 
+    const normalizedBackendPath = filePath.replace(/\\/g, '/');
+    const isRealBackendAppFile = normalizedBackendPath.includes('/apps/backend/') || normalizedBackendPath.includes('apps/backend/');
+
     // NO excluir archivos AST - la librería debe auto-auditarse para detectar God classes masivas
 
     const fullText = sf.getFullText();
@@ -272,7 +278,7 @@ function runBackendIntelligence(project, findings, platform) {
       fullTextUpper.includes("ConfigService") ||
       usesEnvHelper;
     const hasConfigUsage = /process\.env\b|ConfigService|env\.get(Bool|Number)?\(|\bconfig\s*[\.\[]/i.test(sf.getFullText());
-    if (!hasEnvSpecific && hasConfigUsage && !isTestFile(filePath)) {
+    if (isRealBackendAppFile && !hasEnvSpecific && hasConfigUsage && !isTestFile(filePath)) {
       pushFinding("backend.config.missing_env_separation", "info", sf, sf, "Missing environment-specific configuration - consider NODE_ENV or ConfigService", findings);
     }
 
@@ -287,6 +293,10 @@ function runBackendIntelligence(project, findings, platform) {
       analyzeGodClasses(sf, findings, { SyntaxKind, pushFinding, godClassBaseline });
     }
 
+    if (!isRealBackendAppFile) {
+      return;
+    }
+
     sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
       const name = cls.getName();
       if (name && /Entity|Model|Domain/.test(name)) {
@@ -349,16 +359,12 @@ function runBackendIntelligence(project, findings, platform) {
       }
     });
 
-    const filePathNormalizedForMetrics = filePath.replace(/\\/g, "/");
-    const filePathNormalizedForMetricsLower = filePathNormalizedForMetrics.toLowerCase();
-    const isInternalAstToolingFileForMetrics = filePathNormalizedForMetricsLower.includes("/infrastructure/ast/") || filePathNormalizedForMetricsLower.includes("infrastructure/ast/") || filePathNormalizedForMetricsLower.includes("/scripts/hooks-system/infrastructure/ast/");
-
     const fullTextLower = fullText.toLowerCase();
     const hasMetrics = fullTextLower.includes("micrometer") || fullTextLower.includes("prometheus") ||
       fullTextLower.includes("actuator") || fullTextLower.includes("metrics");
     const looksLikeServiceOrController = fullTextLower.includes("controller") || fullTextLower.includes("service");
 
-    if (!isInternalAstToolingFileForMetrics && !hasMetrics && looksLikeServiceOrController) {
+    if (isRealBackendAppFile && !hasMetrics && looksLikeServiceOrController) {
       pushFinding("backend.metrics.missing_prometheus", "info", sf, sf, "Missing application metrics - consider Spring Boot Actuator or Micrometer for monitoring", findings);
     }
 
@@ -478,7 +484,7 @@ function runBackendIntelligence(project, findings, platform) {
     sf.getDescendantsOfKind(SyntaxKind.ThrowStatement).forEach((throwStmt) => {
       const expr = throwStmt.getExpression();
       if (!expr) return;
-      const exprText = expr.getText();
+      const exprText = throwStmt.getExpression().getText();
       if (exprText.includes("Error(") || exprText.includes("Exception(")) {
         const isCustom = exprText.includes("Exception") &&
           (exprText.includes("Validation") ||
@@ -486,7 +492,9 @@ function runBackendIntelligence(project, findings, platform) {
             exprText.includes("Unauthorized") ||
             exprText.includes("Forbidden"));
         if (!isCustom) {
-          pushFinding("backend.error.custom_exceptions", "info", sf, throwStmt, "Generic Error/Exception thrown - create custom exception classes for better error handling", findings);
+          if (isRealBackendAppFile) {
+            pushFinding("backend.error.custom_exceptions", "info", sf, throwStmt, "Generic Error/Exception thrown - create custom exception classes for better error handling", findings);
+          }
         }
       }
     });

package/scripts/hooks-system/infrastructure/ast/backend/detectors/god-class-detector.js

@@ -7,7 +7,8 @@ function analyzeGodClasses(sourceFile, findings, { SyntaxKind, pushFinding, godC
     sourceFile.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        if (isValueObject) return;
+        const isTestClass = /Spec$|Test$|Mock/.test(className);
+        if (isValueObject || isTestClass) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSCICDChecks.js

@@ -0,0 +1,385 @@
+const fs = require('fs');
+const path = require('path');
+const glob = require('glob');
+
+function checkFastfileExists(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_fastfile',
+            severity: 'medium',
+            message: 'Proyecto iOS sin Fastfile. Fastlane automatiza builds, tests y deployments.',
+            filePath: 'PROJECT_ROOT',
+            line: 1,
+            suggestion: `Inicializar Fastlane:
+
+fastlane init
+
+Esto crea:
+- fastlane/Fastfile
+- fastlane/Appfile
+- fastlane/Matchfile`
+        });
+        return;
+    }
+    checkFastfileLanes(ctx, fastfilePath);
+}
+
+function checkFastfileLanes(ctx, fastfilePath) {
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    const requiredLanes = ['test', 'beta', 'release'];
+    const existingLanes = content.match(/lane\s+:(\w+)/g)?.map(l => l.match(/:(\w+)/)?.[1]) || [];
+    const missingLanes = requiredLanes.filter(lane => !existingLanes.includes(lane));
+
+    if (missingLanes.length > 0) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.fastfile_missing_lanes',
+            severity: 'medium',
+            message: `Fastfile sin lanes esenciales: ${missingLanes.join(', ')}`,
+            filePath: fastfilePath,
+            line: 1,
+            suggestion: `Añadir lanes:
+
+lane :test do
+  scan
+end
+
+lane :beta do
+  build_app
+  upload_to_testflight
+end
+
+lane :release do
+  build_app
+  upload_to_app_store
+end`
+        });
+    }
+
+    if (!content.includes('increment_build_number') && !content.includes('increment_version_number')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_version_increment',
+            severity: 'medium',
+            message: 'Fastfile sin incremento automático de versión/build.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkGitHubActionsWorkflow(ctx) {
+    const workflowPath = path.join(ctx.projectRoot, '.github/workflows');
+
+    if (!fs.existsSync(workflowPath)) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_github_actions',
+            severity: 'low',
+            message: 'Proyecto sin GitHub Actions workflows. Automatizar CI/CD.',
+            filePath: 'PROJECT_ROOT',
+            line: 1,
+            suggestion: 'Crear .github/workflows/ios-ci.yml para tests automáticos'
+        });
+        return;
+    }
+
+    const workflows = glob.sync('*.yml', { cwd: workflowPath, absolute: true });
+    const iosWorkflows = workflows.filter(w => {
+        const content = fs.readFileSync(w, 'utf-8');
+        return content.includes('macos') || content.includes('ios') || content.includes('xcodebuild');
+    });
+
+    if (iosWorkflows.length === 0) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.no_ios_workflow',
+            severity: 'medium',
+            message: 'GitHub Actions sin workflow de iOS.',
+            filePath: '.github/workflows/',
+            line: 1
+        });
+        return;
+    }
+
+    iosWorkflows.forEach(workflow => {
+        const content = fs.readFileSync(workflow, 'utf-8');
+
+        if (!content.includes('xcodebuild test')) {
+            ctx.pushFinding(ctx.findings, {
+                ruleId: 'ios.cicd.workflow_missing_tests',
+                severity: 'high',
+                message: 'Workflow de iOS sin tests automáticos.',
+                filePath: workflow,
+                line: 1
+            });
+        }
+
+        if (!content.includes('fastlane')) {
+            ctx.pushFinding(ctx.findings, {
+                ruleId: 'ios.cicd.workflow_without_fastlane',
+                severity: 'low',
+                message: 'Workflow sin Fastlane. Considerar para simplificar pipeline.',
+                filePath: workflow,
+                line: 1
+            });
+        }
+    });
+}
+
+function checkTestFlightConfiguration(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('beta') && !content.includes('upload_to_testflight')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.beta_without_testflight',
+            severity: 'medium',
+            message: 'Lane beta sin upload_to_testflight. Automatizar distribución.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+
+    if (content.includes('upload_to_testflight') && !content.includes('changelog')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.testflight_without_changelog',
+            severity: 'low',
+            message: 'TestFlight sin changelog. Añadir notas de release.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkBuildConfiguration(ctx) {
+    const projectFiles = glob.sync('**/*.xcodeproj/project.pbxproj', {
+        cwd: ctx.projectRoot,
+        absolute: true
+    });
+    if (projectFiles.length === 0) return;
+
+    projectFiles.forEach(projectFile => {
+        const content = fs.readFileSync(projectFile, 'utf-8');
+        const configurations = content.match(/buildConfiguration\s*=\s*(\w+)/g) || [];
+        const hasDebug = configurations.some(c => c.includes('Debug'));
+        const hasRelease = configurations.some(c => c.includes('Release'));
+        const hasStaging = configurations.some(c => c.includes('Staging'));
+
+        if (!hasStaging && (hasDebug && hasRelease)) {
+            ctx.pushFinding(ctx.findings, {
+                ruleId: 'ios.cicd.missing_staging_config',
+                severity: 'low',
+                message: 'Sin configuración Staging. Útil para testing pre-production.',
+                filePath: projectFile,
+                line: 1
+            });
+        }
+    });
+}
+
+function checkCertificateManagement(ctx) {
+    const matchfilePath = path.join(ctx.projectRoot, 'fastlane/Matchfile');
+    if (fs.existsSync(matchfilePath)) return;
+
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (fs.existsSync(fastfilePath)) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_match_config',
+            severity: 'medium',
+            message: 'Fastlane sin Match para gestión de certificados.',
+            filePath: 'fastlane/',
+            line: 1,
+            suggestion: 'fastlane match init para gestionar certificados en equipo'
+        });
+    }
+}
+
+function checkCodeSigningConfiguration(ctx) {
+    const projectFiles = glob.sync('**/*.xcodeproj/project.pbxproj', {
+        cwd: ctx.projectRoot,
+        absolute: true
+    });
+
+    projectFiles.forEach(projectFile => {
+        const content = fs.readFileSync(projectFile, 'utf-8');
+        if (content.includes('CODE_SIGN_STYLE = Manual')) {
+            ctx.pushFinding(ctx.findings, {
+                ruleId: 'ios.cicd.manual_code_signing',
+                severity: 'low',
+                message: 'Code signing manual. Considerar Automatic o Match para CI/CD.',
+                filePath: projectFile,
+                line: 1
+            });
+        }
+    });
+}
+
+function checkAutomatedTesting(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (!content.includes('scan') && !content.includes('run_tests')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.no_automated_tests',
+            severity: 'high',
+            message: 'Fastlane sin tests automatizados. Añadir scan action.',
+            filePath: fastfilePath,
+            line: 1,
+            suggestion: `lane :test do
+  scan(scheme: "MyApp")
+end`
+        });
+    }
+}
+
+function checkVersionBumping(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('upload_to') && !content.includes('increment_build_number')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_build_increment',
+            severity: 'medium',
+            message: 'Deployment sin incremento automático de build number.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkReleaseNotes(ctx) {
+    const changelogPath = path.join(ctx.projectRoot, 'CHANGELOG.md');
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath) || fs.existsSync(changelogPath)) return;
+
+    ctx.pushFinding(ctx.findings, {
+        ruleId: 'ios.cicd.missing_changelog',
+        severity: 'low',
+        message: 'Proyecto sin CHANGELOG.md. Documentar cambios para releases.',
+        filePath: 'PROJECT_ROOT',
+        line: 1
+    });
+}
+
+function checkSlackNotifications(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('upload_to') && !content.includes('slack')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_notifications',
+            severity: 'low',
+            message: 'Deployment sin notificaciones. Añadir Slack para avisar al equipo.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkMatchConfiguration(ctx) {
+    const matchfilePath = path.join(ctx.projectRoot, 'fastlane/Matchfile');
+    if (!fs.existsSync(matchfilePath)) return;
+
+    const content = fs.readFileSync(matchfilePath, 'utf-8');
+    if (!content.includes('git_url')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.match_missing_git_url',
+            severity: 'high',
+            message: 'Matchfile sin git_url. Match requiere repositorio para certificados.',
+            filePath: matchfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkGymConfiguration(ctx) {
+    const gymfilePath = path.join(ctx.projectRoot, 'fastlane/Gymfile');
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath) || fs.existsSync(gymfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('build_app') || content.includes('gym')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_gymfile',
+            severity: 'low',
+            message: 'build_app sin Gymfile. Considerar para centralizar configuración de build.',
+            filePath: 'fastlane/',
+            line: 1
+        });
+    }
+}
+
+function checkScanConfiguration(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('scan') && !content.includes('code_coverage')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.scan_without_coverage',
+            severity: 'low',
+            message: 'scan sin code_coverage: true. Activar para métricas.',
+            filePath: fastfilePath,
+            line: 1,
+            suggestion: 'scan(code_coverage: true, scheme: "MyApp")'
+        });
+    }
+}
+
+function checkPilotConfiguration(ctx) {
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (!content.includes('pilot') && !content.includes('upload_to_testflight')) return;
+
+    if (!content.includes('changelog') && !content.includes('whats_new')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.pilot_missing_changelog',
+            severity: 'low',
+            message: 'TestFlight upload sin changelog/whats_new.',
+            filePath: fastfilePath,
+            line: 1
+        });
+    }
+}
+
+function checkAppStoreMetadata(ctx) {
+    const metadataPath = path.join(ctx.projectRoot, 'fastlane/metadata');
+    if (fs.existsSync(metadataPath)) return;
+
+    const fastfilePath = path.join(ctx.projectRoot, 'fastlane/Fastfile');
+    if (!fs.existsSync(fastfilePath)) return;
+
+    const content = fs.readFileSync(fastfilePath, 'utf-8');
+    if (content.includes('upload_to_app_store') || content.includes('deliver')) {
+        ctx.pushFinding(ctx.findings, {
+            ruleId: 'ios.cicd.missing_metadata',
+            severity: 'low',
+            message: 'Upload a App Store sin metadata/ folder. Versionar descripciones y screenshots.',
+            filePath: 'fastlane/',
+            line: 1,
+            suggestion: 'fastlane deliver init para crear estructura metadata/'
+        });
+    }
+}
+
+module.exports = {
+    checkFastfileExists,
+    checkGitHubActionsWorkflow,
+    checkTestFlightConfiguration,
+    checkBuildConfiguration,
+    checkCertificateManagement,
+    checkCodeSigningConfiguration,
+    checkAutomatedTesting,
+    checkVersionBumping,
+    checkReleaseNotes,
+    checkSlackNotifications,
+    checkMatchConfiguration,
+    checkGymConfiguration,
+    checkScanConfiguration,
+    checkPilotConfiguration,
+    checkAppStoreMetadata,
+};