pumuki-ast-hooks 5.5.52 → 5.5.54

package/hooks/git-status-monitor.ts

@@ -42,6 +42,7 @@ function getGitStatus(projectDir: string): GitStatus | null {
             hasUncommittedChanges: lines.length > 0
         };
     } catch (err) {
+        console.error(`[git-status-monitor] Failed to read git status: ${(err as Error).message}`);
         return null;
     }
 }
@@ -79,6 +80,7 @@ function detectPlatformFromFiles(projectDir: string): string[] {
             }
         }
     } catch (err) {
+        console.error(`[git-status-monitor] Failed to detect platforms from files: ${(err as Error).message}`);
     }
 
     return platforms.length > 0 ? platforms : ['frontend', 'backend', 'ios', 'android'];
@@ -134,6 +136,7 @@ async function main() {
                     sound: 'Ping'
                 });
             } catch (err) {
+                console.error(`[git-status-monitor] Notification failed (staged): ${(err as Error).message}`);
             }
         } else if (totalChanges > 10) {
             try {
@@ -144,11 +147,13 @@ async function main() {
                     sound: 'Glass'
                 });
             } catch (err) {
+                console.error(`[git-status-monitor] Notification failed (unstaged): ${(err as Error).message}`);
             }
         }
 
         process.exit(0);
     } catch (err) {
+        console.error(`[git-status-monitor] Unexpected error: ${(err as Error).message}`);
         process.exit(0);
     }
 }

package/hooks/notify-macos.ts

@@ -24,6 +24,7 @@ export function sendMacOSNotification(options: NotificationOptions): void {
     try {
         execSync(`osascript -e '${script}'`, { stdio: 'ignore' });
     } catch (err) {
+        console.error(`[notify-macos] Failed to send notification: ${(err as Error).message}`);
     }
 }
 

package/hooks/pre-tool-use-evidence-validator.ts

@@ -235,6 +235,7 @@ async function main() {
                     sound: 'Basso'
                 });
             } catch (err) {
+                process.stderr.write(`Notification failed: ${err instanceof Error ? err.message : String(err)}\n`);
             }
             process.stderr.write(`${validation.error || ''}\n`);
             process.exit(2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki-ast-hooks",
-  "version": "5.5.52",
+  "version": "5.5.54",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {
@@ -134,4 +134,4 @@
     "./skills": "./skills/skill-rules.json",
     "./hooks": "./hooks/index.js"
   }
-}
+}

package/scripts/hooks-system/application/services/AutonomousOrchestrator.js

@@ -31,10 +31,47 @@ class AutonomousOrchestrator {
         }
     }
 
+    detectFromBranchKeywords(branchName) {
+        try {
+            const PlatformHeuristics = require('./platform/PlatformHeuristics');
+            const heuristics = new PlatformHeuristics(this.platformDetector);
+            return heuristics.detectFromBranchKeywords(branchName);
+        } catch (error) {
+            const msg = error && error.message ? error.message : String(error);
+            this.logger?.debug?.('ORCHESTRATOR_BRANCH_KEYWORDS_DETECTION_ERROR', { error: msg });
+            return [];
+        }
+    }
+
+    detectFromEvidenceFile() {
+        try {
+            const PlatformHeuristics = require('./platform/PlatformHeuristics');
+            const heuristics = new PlatformHeuristics(this.platformDetector);
+            return heuristics.detectFromEvidenceFile();
+        } catch (error) {
+            const msg = error && error.message ? error.message : String(error);
+            this.logger?.debug?.('ORCHESTRATOR_EVIDENCE_FILE_DETECTION_ERROR', { error: msg });
+            return [];
+        }
+    }
+
     detectFromASTSystemFilesLegacy(files) {
         return this.detectFromASTSystemFiles(files);
     }
 
+    async scoreConfidence(platforms) {
+        try {
+            const PlatformAnalysisService = require('./PlatformAnalysisService');
+            const analysisService = new PlatformAnalysisService(this.platformDetector);
+            const context = await this.contextEngine.detectContext();
+            return analysisService.analyzeConfidence(platforms || [], context || {});
+        } catch (error) {
+            const msg = error && error.message ? error.message : String(error);
+            this.logger?.debug?.('ORCHESTRATOR_SCORE_CONFIDENCE_ERROR', { error: msg });
+            return [];
+        }
+    }
+
     async analyzeContext() {
         const platforms = await this.detectActivePlatforms();
         const scores = await this.scoreConfidence(platforms);

package/scripts/hooks-system/application/services/guard/GuardConfig.js

@@ -3,9 +3,11 @@ const AuditLogger = require('../logging/AuditLogger');
 
 class GuardConfig {
     constructor(env = envHelper) {
-        
-        this.auditLogger = new AuditLogger({ repoRoot: process.cwd() });const getNumber = (name, def) =>
+        this.auditLogger = new AuditLogger({ repoRoot: process.cwd() });
+
+        const getNumber = (name, def) =>
             typeof env.getNumber === 'function' ? env.getNumber(name, def) : Number(env[name] || def);
+
         const getBool = (name, def) =>
             typeof env.getBool === 'function' ? env.getBool(name, def) : (env[name] !== 'false');
 

package/scripts/hooks-system/application/services/installation/GitEnvironmentService.js

@@ -128,6 +128,20 @@ if [[ "$CURRENT_BRANCH" == "main" ]] || [[ "$CURRENT_BRANCH" == "master" ]] || [
   exit 1
 fi
 
+# Enforce Git Flow checks (strict) before allowing commit
+ENFORCER_SCRIPT="scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh"
+if [[ -f "$ENFORCER_SCRIPT" ]]; then
+  echo ""
+  echo "🔍 Running Git Flow checks (strict)..."
+  echo ""
+  if ! GITFLOW_STRICT_CHECK=true bash "$ENFORCER_SCRIPT" check; then
+    echo ""
+    echo "🚨 COMMIT BLOCKED: Git Flow checks failed"
+    echo ""
+    exit 1
+  fi
+fi
+
 # Check if there are staged files
 STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null | grep -E '\\.(ts|tsx|js|jsx|swift|kt)$' || true)
 if [ -z "$STAGED_FILES" ]; then
@@ -263,10 +277,14 @@ fi
 # Run gitflow-enforcer if available (optional validation)
 ENFORCER_SCRIPT="scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh"
 if [[ -f "$ENFORCER_SCRIPT" ]]; then
-  if ! bash "$ENFORCER_SCRIPT" check 2>/dev/null; then
+  echo ""
+  echo "🔍 Running Git Flow checks (strict)..."
+  echo ""
+  if ! GITFLOW_STRICT_CHECK=true bash "$ENFORCER_SCRIPT" check; then
     echo ""
-    echo "⚠️  Git Flow check completed with warnings (non-blocking)"
+    echo "🚨 PUSH BLOCKED: Git Flow checks failed"
     echo ""
+    exit 1
   fi
 fi
 

package/scripts/hooks-system/infrastructure/ast/ast-core.js

@@ -45,6 +45,18 @@ function getRepoRoot() {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
+  try {
+    const configPaths = loadExclusions()?.exclusions?.paths;
+    if (configPaths && typeof configPaths === 'object') {
+      for (const [key, enabled] of Object.entries(configPaths)) {
+        if (enabled && p.includes(key)) return true;
+      }
+    }
+  } catch (error) {
+    if (process.env.DEBUG) {
+      console.debug(`[ast-core] Failed to load exclusions for shouldIgnore: ${error.message || String(error)}`);
+    }
+  }
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.next/")) return true;
   if (p.includes("/dist/")) return true;
@@ -125,7 +137,7 @@ let exclusionsConfig = null;
 function loadExclusions() {
   if (exclusionsConfig) return exclusionsConfig;
   try {
-    const configPath = path.join(__dirname, '../../config/ast-exclusions.json');
+    const configPath = path.join(getRepoRoot(), 'config', 'ast-exclusions.json');
     if (fs.existsSync(configPath)) {
       exclusionsConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
     }

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -22,7 +22,7 @@ function formatLocalTimestamp(date = new Date()) {
 }
 
 const astModulesPath = __dirname;
-const { createProject, platformOf, mapToLevel } = require(path.join(astModulesPath, "ast-core"));
+const { createProject, platformOf, mapToLevel, shouldIgnore: coreShouldIgnore } = require(path.join(astModulesPath, "ast-core"));
 const MacOSNotificationAdapter = require(path.join(__dirname, '../adapters/MacOSNotificationAdapter'));
 const { runBackendIntelligence } = require(path.join(astModulesPath, "backend/ast-backend"));
 const { runFrontendIntelligence } = require(path.join(astModulesPath, "frontend/ast-frontend"));
@@ -138,8 +138,6 @@ function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
     if (p.includes('/build/')) return true;
     if (p.includes('/coverage/')) return true;
     if (p.includes('/.audit_tmp/')) return true;
-    if (p.includes('/infrastructure/ast/')) return true;
-    if (p.includes('/scripts/hooks-system/')) return true;
     return false;
   };
 
@@ -706,6 +704,7 @@ function listSourceFiles(root) {
  */
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
+  if (typeof coreShouldIgnore === 'function' && coreShouldIgnore(p)) return true;
   if (p.includes("node_modules/")) return true;
   if (p.includes("/.cursor/")) return true;
   if (/\.bak/i.test(p)) return true;

package/scripts/hooks-system/infrastructure/ast/backend/ast-backend.js

@@ -126,13 +126,10 @@ function runBackendIntelligence(project, findings, platform) {
         return;
       }
       // NO excluir archivos AST - la librería debe auto-auditarse
-      if (isTestFile(filePath)) return;
-
       sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        const isTestClass = /Spec$|Test$|Mock/.test(className);
-        if (isValueObject || isTestClass) return;
+        if (isValueObject) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;

package/scripts/hooks-system/infrastructure/ast/backend/detectors/god-class-detector.js

@@ -7,8 +7,7 @@ function analyzeGodClasses(sourceFile, findings, { SyntaxKind, pushFinding, godC
     sourceFile.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
         const className = cls.getName() || '';
         const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        const isTestClass = /Spec$|Test$|Mock/.test(className);
-        if (isValueObject || isTestClass) return;
+        if (isValueObject) return;
 
         const methodsCount = cls.getMethods().length;
         const propertiesCount = cls.getProperties().length;

package/scripts/hooks-system/infrastructure/ast/common/ast-common.js

@@ -148,15 +148,22 @@ function runCommonIntelligence(project, findings) {
     sf.getDescendantsOfKind(SyntaxKind.CatchClause).forEach((clause) => {
       const block = typeof clause.getBlock === 'function' ? clause.getBlock() : null;
       const statements = block && typeof block.getStatements === 'function' ? block.getStatements() : [];
+
       if ((statements || []).length === 0) {
-        pushFinding(
-          'common.error.empty_catch',
-          'critical',
-          sf,
-          clause,
-          'Empty catch block detected - always handle errors (log, rethrow, wrap, or return Result)',
-          findings
-        );
+        const blockText = block ? block.getText() : '';
+        const hasTestAssertions = /XCTFail|XCTAssert|guard\s+case|expect\(|assert/i.test(blockText);
+        const hasErrorHandling = /throw|console\.|logger\.|log\(|print\(/i.test(blockText);
+
+        if (!hasTestAssertions && !hasErrorHandling) {
+          pushFinding(
+            'common.error.empty_catch',
+            'critical',
+            sf,
+            clause,
+            'Empty catch block detected - always handle errors (log, rethrow, wrap, or return Result)',
+            findings
+          );
+        }
       }
     });
 

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSEnterpriseAnalyzer.js

@@ -1,7 +1,7 @@
 const path = require('path');
 const fs = require('fs').promises;
 const { SourceKittenParser } = require('../parsers/SourceKittenParser');
-const { pushFinding, mapToLevel } = require(path.join(__dirname, '../../ast-core'));
+const checks = require('./iOSEnterpriseChecks');
 
 class iOSEnterpriseAnalyzer {
   constructor() {
@@ -9,230 +9,6 @@ class iOSEnterpriseAnalyzer {
     this.findings = [];
   }
 
-  async analyzeFile(filePath, findings) {
-    this.findings = findings;
-
-    try {
-      const ast = await this.parser.parseFile(filePath);
-
-      if (!ast.parsed) {
-        console.warn(`[iOS Enterprise] Could not parse ${filePath}: ${ast.error}`);
-        return;
-      }
-
-      const content = await fs.readFile(filePath, 'utf-8');
-
-      const classes = this.parser.extractClasses(ast);
-      const functions = this.parser.extractFunctions(ast);
-      const properties = this.parser.extractProperties(ast);
-      const protocols = this.parser.extractProtocols(ast);
-
-      await this.analyzeSwiftModerno(ast, content, filePath);
-      await this.analyzeSwiftUI(ast, classes, filePath);
-      await this.analyzeUIKit(ast, classes, filePath);
-      await this.analyzeProtocolOriented(protocols, filePath);
-      await this.analyzeValueTypes(classes, filePath);
-      await this.analyzeMemoryManagement(content, filePath);
-      await this.analyzeOptionals(content, filePath);
-      await this.analyzeDependencyInjection(classes, filePath);
-      await this.analyzeNetworking(content, filePath);
-      await this.analyzePersistence(content, filePath);
-      await this.analyzeCombine(content, filePath);
-      await this.analyzeConcurrency(content, filePath);
-      await this.analyzeTesting(content, filePath);
-      await this.analyzeUITesting(content, filePath);
-      await this.analyzeSecurity(content, filePath);
-      await this.analyzeAccessibility(content, filePath);
-      await this.analyzeLocalization(content, filePath);
-      await this.analyzeArchitecturePatterns(classes, functions, filePath);
-      await this.analyzePerformance(functions, content, filePath);
-      await this.analyzeCodeOrganization(filePath, content);
-
-    } catch (error) {
-      console.error(`[iOS Enterprise] Error analyzing ${filePath}:`, error.message);
-    }
-  }
-
-  async analyzeSwiftModerno(ast, content, filePath) {
-    if (content.includes('completion:') && !content.includes('async ')) {
-      this.addFinding('ios.async_await_missing', 'medium', filePath, 1,
-        'Using completion handlers instead of async/await (Swift 5.9+ required)');
-    }
-
-    const taskCount = (content.match(/\bTask\s*\{/g) || []).length;
-    if (taskCount > 3 && !content.includes('TaskGroup')) {
-      this.addFinding('ios.structured_concurrency_missing', 'medium', filePath, 1,
-        `Multiple Task blocks (${taskCount}) without TaskGroup - use structured concurrency`);
-    }
-
-    if (content.includes('actor ') && !content.includes(': Sendable')) {
-      this.addFinding('ios.sendable_missing', 'low', filePath, 1,
-        'Actor should conform to Sendable protocol for thread-safe types');
-    }
-
-    if (content.includes('func ') && content.includes('-> View') && !content.includes('some View')) {
-      this.addFinding('ios.opaque_types_missing', 'low', filePath, 1,
-        'Use "some View" instead of explicit View protocol return');
-    }
-
-    if (content.includes('UIViewController') && !content.includes('@State') && !content.includes('@Binding')) {
-      this.addFinding('ios.property_wrappers_missing', 'info', filePath, 1,
-        'Consider using SwiftUI property wrappers (@State, @Binding) for state management');
-    }
-
-    const functions = this.parser.extractFunctions(ast);
-    functions.forEach(fn => {
-      if (fn.name.includes('Array') || fn.name.includes('Collection')) {
-        if (!content.includes('<T>') && !content.includes('<Element>')) {
-          this.addFinding('ios.generics_missing', 'low', filePath, fn.line,
-            `Function ${fn.name} should use generics for type safety`);
-        }
-      }
-    });
-  }
-
-  async analyzeSwiftUI(ast, classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-    const usesSwiftUI = this.parser.usesSwiftUI(ast);
-    const usesUIKit = this.parser.usesUIKit(ast);
-
-    if (usesUIKit && !usesSwiftUI) {
-      this.addFinding('ios.swiftui_first', 'medium', filePath, 1,
-        'Consider migrating to SwiftUI for new views (UIKit only when strictly necessary)');
-    }
-
-    if (usesSwiftUI) {
-      if (!content.includes('@State')) {
-        this.addFinding('ios.state_local_missing', 'info', filePath, 1,
-          'SwiftUI view without @State - consider if local state is needed');
-      }
-
-      if (content.includes('ObservableObject') && !content.includes('@StateObject')) {
-        this.addFinding('ios.stateobject_missing', 'high', filePath, 1,
-          'ObservableObject should be owned with @StateObject, not @ObservedObject');
-      }
-
-      if (content.includes('class') && content.includes('ObservableObject') && !content.includes('@EnvironmentObject')) {
-        this.addFinding('ios.environmentobject_missing', 'info', filePath, 1,
-          'Consider using @EnvironmentObject for dependency injection in SwiftUI');
-      }
-
-      if (content.includes('.frame(') && content.includes('CGRect(')) {
-        this.addFinding('ios.declarativo_missing', 'medium', filePath, 1,
-          'Using imperative CGRect in SwiftUI - use declarative .frame() modifiers');
-      }
-
-      const geometryReaderCount = (content.match(/GeometryReader/g) || []).length;
-      if (geometryReaderCount > 2) {
-        this.addFinding('ios.geometryreader_moderation', 'medium', filePath, 1,
-          `Excessive GeometryReader usage (${geometryReaderCount}x) - use only when necessary`);
-      }
-    }
-  }
-
-  async analyzeUIKit(ast, classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    classes.forEach(cls => {
-      if (cls.name.includes('ViewController')) {
-        const linesCount = cls.substructure.length * 10;
-        if (linesCount > 300) {
-          this.addFinding('ios.massive_viewcontrollers', 'high', filePath, cls.line,
-            `Massive ViewController ${cls.name} (~${linesCount} lines) - break down into smaller components`);
-        }
-
-        if (!content.includes('ViewModel')) {
-          this.addFinding('ios.uikit.viewmodel_delegation', 'medium', filePath, cls.line,
-            `ViewController ${cls.name} should delegate logic to ViewModel (MVVM pattern)`);
-        }
-      }
-    });
-
-    if (filePath.endsWith('.swift') && !filePath.includes('analyzer') && !filePath.includes('detector')) {
-      if (content.includes('storyboard') || content.includes('.xib') || content.includes('.nib')) {
-        this.addFinding('ios.storyboards', 'high', filePath, 1,
-          'Storyboard/XIB detected - use programmatic UI for better version control');
-      }
-    }
-  }
-
-  async analyzeProtocolOriented(protocols, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    if (protocols.length > 0 && !content.includes('extension ')) {
-      this.addFinding('ios.pop.missing_extensions', 'low', filePath, 1,
-        'Protocols detected but no extensions - consider protocol extensions for default implementations');
-    }
-
-    if (content.includes('class ') && content.includes(': ')) {
-      const inheritanceCount = (content.match(/class\s+\w+\s*:\s*\w+/g) || []).length;
-      if (inheritanceCount > 2) {
-        this.addFinding('ios.pop.missing_composition_over_inheritance', 'medium', filePath, 1,
-          `Excessive class inheritance (${inheritanceCount}x) - prefer protocol composition`);
-      }
-    }
-  }
-
-  async analyzeValueTypes(classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    classes.forEach(cls => {
-      if (!cls.inheritedTypes.length && !content.includes('ObservableObject')) {
-        this.addFinding('ios.values.classes_instead_structs', 'medium', filePath, cls.line,
-          `Class ${cls.name} without inheritance - consider struct for value semantics`);
-      }
-    });
-
-    const varCount = (content.match(/\bvar\s+/g) || []).length;
-    const letCount = (content.match(/\blet\s+/g) || []).length;
-    if (varCount > letCount) {
-      this.addFinding('ios.values.mutability', 'low', filePath, 1,
-        `More var (${varCount}) than let (${letCount}) - prefer immutability`);
-    }
-  }
-
-  async analyzeMemoryManagement(content, filePath) {
-    const closureMatches = content.match(/\{\s*\[/g);
-    const weakSelfMatches = content.match(/\[weak self\]/g);
-    if (closureMatches && closureMatches.length > (weakSelfMatches?.length || 0)) {
-      this.addFinding('ios.memory.missing_weak_self', 'high', filePath, 1,
-        'Closures without [weak self] - potential retain cycles');
-    }
-
-    if (content.includes('self.') && content.includes('{') && !content.includes('[weak self]')) {
-      this.addFinding('ios.memory.retain_cycles', 'high', filePath, 1,
-        'Potential retain cycle - closure captures self without [weak self]');
-    }
-
-    if (content.includes('class ') && !content.includes('deinit')) {
-      this.addFinding('ios.memory.missing_deinit', 'low', filePath, 1,
-        'Class without deinit - consider adding for cleanup verification');
-    }
-  }
-
-  async analyzeOptionals(content, filePath) {
-    const forceUnwraps = content.match(/(\w+)\s*!/g);
-    if (forceUnwraps && forceUnwraps.length > 0) {
-      const nonIBOutlets = forceUnwraps.filter(match => !content.includes(`@IBOutlet`));
-      if (nonIBOutlets.length > 0) {
-        this.addFinding('ios.force_unwrapping', 'high', filePath, 1,
-          `Force unwrapping (!) detected ${nonIBOutlets.length}x - use if let or guard let`);
-      }
-    }
-
-    const ifLetCount = (content.match(/if\s+let\s+/g) || []).length;
-    const guardLetCount = (content.match(/guard\s+let\s+/g) || []).length;
-    if (ifLetCount === 0 && guardLetCount === 0 && content.includes('?')) {
-      this.addFinding('ios.optionals.optional_binding', 'medium', filePath, 1,
-        'Optionals present but no optional binding - use if let or guard let');
-    }
-
-    if (content.includes('?') && !content.includes('??')) {
-      this.addFinding('ios.optionals.missing_nil_coalescing', 'info', filePath, 1,
-        'Consider using nil coalescing operator (??) for default values');
-    }
-  }
-
   addFinding(ruleId, severity, filePath, line, message) {
     this.findings.push({
       ruleId,
@@ -244,180 +20,41 @@ class iOSEnterpriseAnalyzer {
     });
   }
 
-  async analyzeDependencyInjection(classes, filePath) {
-    const content = await fs.readFile(filePath, 'utf-8');
-
-    if (content.includes('.shared') || content.includes('static let shared')) {
-      this.addFinding('ios.di.singleton_usage', 'high', filePath, 1,
-        'Singleton detected - use dependency injection instead');
-    }
-
-    classes.forEach(cls => {
-      if (cls.name.includes('ViewModel') || cls.name.includes('Service')) {
-        const hasInit = content.includes(`init(`);
-        if (!hasInit) {
-          this.addFinding('ios.di.missing_protocol_injection', 'medium', filePath, cls.line,
-            `${cls.name} should inject dependencies via initializer`);
-        }
-      }
-    });
-
-    if (content.includes('init(') && content.match(/init\([^)]{50,}\)/)) {
-      this.addFinding('ios.di.missing_factory', 'low', filePath, 1,
-        'Complex initialization - consider factory pattern');
-    }
-  }
-
-  async analyzeNetworking(content, filePath) {
-    if (String(filePath || '').endsWith('/Package.swift') || String(filePath || '').endsWith('Package.swift')) {
-      return;
-    }
-    if (!content.includes('URLSession') && !content.includes('Alamofire')) {
-      if (content.includes('http://') || content.includes('https://')) {
-        this.addFinding('ios.networking.missing_urlsession', 'high', filePath, 1,
-          'Network URLs detected but no URLSession/Alamofire usage');
+  async analyzeFile(filePath, findings) {
+    this.findings = findings;
+    try {
+      const ast = await this.parser.parseFile(filePath);
+      if (!ast.parsed) {
+        console.warn(`[iOS Enterprise] Could not parse ${filePath}: ${ast.error}`);
+        return;
       }
-    }
-
-    if (content.includes('URLSession') && content.includes('completionHandler:') && !content.includes('async')) {
-      this.addFinding('ios.networking.completion_handlers_instead_async', 'medium', filePath, 1,
-        'Using completion handlers with URLSession - migrate to async/await');
-    }
-
-    if (content.includes('JSONSerialization') && !content.includes('Codable')) {
-      this.addFinding('ios.networking.missing_codable', 'medium', filePath, 1,
-        'Manual JSON parsing - use Codable for type safety');
-    }
-
-    if (content.includes('URLSession') && !content.includes('NetworkError')) {
-      this.addFinding('ios.networking.missing_error_handling', 'high', filePath, 1,
-        'Network code without custom NetworkError enum');
-    }
-
-    // Check for SSL pinning implementation
-    const hasSSLPinningImplementation =
-      content.includes('serverTrustPolicy') ||
-      content.includes('pinning') ||
-      (content.includes('URLSessionDelegate') && content.includes('URLAuthenticationChallenge'));
-
-    if (content.includes('URLSession') && !hasSSLPinningImplementation) {
-      this.addFinding('ios.networking.missing_ssl_pinning', 'medium', filePath, 1,
-        'Consider SSL pinning for high-security apps');
-    }
-
-    if (content.includes('URLSession') && !content.includes('retry')) {
-      this.addFinding('ios.networking.missing_retry', 'low', filePath, 1,
-        'Network requests without retry logic');
-    }
-  }
-
-  async analyzePersistence(content, filePath) {
-    if (content.includes('UserDefaults') && (content.includes('password') || content.includes('token') || content.includes('auth'))) {
-      this.addFinding('ios.persistence.userdefaults_sensitive', 'critical', filePath, 1,
-        'Sensitive data in UserDefaults - use Keychain instead');
-    }
-
-    if ((content.includes('password') || content.includes('token')) && !content.includes('Keychain') && !content.includes('Security')) {
-      this.addFinding('ios.persistence.missing_keychain', 'critical', filePath, 1,
-        'Sensitive data detected but no Keychain usage');
-    }
 
-    if (content.includes('NSManagedObjectContext') && content.includes('.main')) {
-      this.addFinding('ios.persistence.core_data_on_main', 'high', filePath, 1,
-        'Core Data operations on main thread - use background context');
-    }
-
-    if (content.includes('NSPersistentContainer') && !content.includes('NSMigrationManager')) {
-      this.addFinding('ios.persistence.missing_migration', 'medium', filePath, 1,
-        'Core Data without migration strategy');
-    }
-  }
-
-  async analyzeCombine(content, filePath) {
-    if (content.includes('.sink(') && !content.includes('AnyCancellable')) {
-      this.addFinding('ios.combine.missing_cancellables', 'high', filePath, 1,
-        'Combine sink without storing AnyCancellable - memory leak');
-    }
-
-    if (content.includes('@Published') && !content.includes('import Combine')) {
-      this.addFinding('ios.combine.published_without_combine', 'high', filePath, 1,
-        '@Published used but Combine not imported');
-    }
-
-    if (content.includes('.sink(') && !content.includes('receiveCompletion')) {
-      this.addFinding('ios.combine.error_handling', 'medium', filePath, 1,
-        'Combine subscriber without error handling (receiveCompletion)');
-    }
-
-    if (content.includes('Future<') && !content.includes('async')) {
-      this.addFinding('ios.combine.prefer_async_await', 'low', filePath, 1,
-        'Combine Future for single value - consider async/await instead');
-    }
-  }
-
-  async analyzeConcurrency(content, filePath) {
-    if (content.includes('DispatchQueue') && !content.includes('async func')) {
-      this.addFinding('ios.concurrency.dispatchqueue_old', 'medium', filePath, 1,
-        'Using DispatchQueue - prefer async/await for new code');
-    }
-
-    if (content.includes('DispatchQueue.main') && content.includes('UI')) {
-      this.addFinding('ios.concurrency.missing_mainactor', 'medium', filePath, 1,
-        'Manual main thread dispatch - use @MainActor annotation');
-    }
-
-    if (content.includes('Task {') && !content.includes('.cancel()') && !content.includes('Task.isCancelled')) {
-      this.addFinding('ios.concurrency.task_cancellation', 'low', filePath, 1,
-        'Task without cancellation handling');
-    }
-
-    if (content.includes('var ') && content.includes('queue') && !content.includes('actor')) {
-      this.addFinding('ios.concurrency.actor_missing', 'medium', filePath, 1,
-        'Manual synchronization with queue - consider actor for thread safety');
-    }
-  }
-
-  async analyzeTesting(content, filePath) {
-    if (filePath.includes('Test') && !content.includes('XCTest') && !content.includes('Quick')) {
-      this.addFinding('ios.testing.missing_xctest', 'high', filePath, 1,
-        'Test file without XCTest or Quick import');
-    }
-
-    if (filePath.includes('Test') && !content.includes('makeSUT') && content.includes('func test')) {
-      this.addFinding('ios.testing.missing_makesut', 'medium', filePath, 1,
-        'Test without makeSUT pattern - centralize system under test creation');
-    }
-
-    if (filePath.includes('Test') && !content.includes('trackForMemoryLeaks') && content.includes('class')) {
-      this.addFinding('ios.testing.missing_memory_leak_tracking', 'medium', filePath, 1,
-        'Test without trackForMemoryLeaks helper');
-    }
-
-    if (filePath.includes('Test') && content.includes('init(') && !content.includes('Protocol')) {
-      this.addFinding('ios.testing.concrete_dependencies', 'medium', filePath, 1,
-        'Test using concrete dependencies - inject protocols for testability');
-    }
-  }
-
-  async analyzeUITesting(content, filePath) {
-    if (filePath.includes('UITest') && !content.includes('XCUIApplication')) {
-      this.addFinding('ios.uitesting.missing_xcuitest', 'high', filePath, 1,
-        'UI test file without XCUIApplication');
-    }
-
-    if (filePath.includes('UITest') && !content.includes('accessibilityIdentifier')) {
-      this.addFinding('ios.uitesting.missing_accessibility', 'medium', filePath, 1,
-        'UI test without accessibility identifiers for element location');
-    }
-
-    if (filePath.includes('UITest') && content.includes('XCUIElement') && !content.includes('Page')) {
-      this.addFinding('ios.uitesting.missing_page_object', 'low', filePath, 1,
-        'UI test without Page Object pattern for encapsulation');
-    }
-
-    if (filePath.includes('UITest') && content.includes('.tap()') && !content.includes('waitForExistence')) {
-      this.addFinding('ios.uitesting.missing_wait', 'high', filePath, 1,
-        'UI test tapping without waitForExistence - flaky test');
+      const content = await fs.readFile(filePath, 'utf-8');
+      const classes = this.parser.extractClasses(ast) || [];
+      const functions = this.parser.extractFunctions(ast) || [];
+      const protocols = this.parser.extractProtocols(ast) || [];
+      const usesSwiftUI = typeof this.parser.usesSwiftUI === 'function' ? this.parser.usesSwiftUI(ast) : false;
+      const usesUIKit = typeof this.parser.usesUIKit === 'function' ? this.parser.usesUIKit(ast) : false;
+
+      const add = (ruleId, severity, line, message) =>
+        this.addFinding(ruleId, severity, filePath, line, message);
+
+      checks.analyzeSwiftModerno({ content, functions, filePath, addFinding: add });
+      checks.analyzeSwiftUI({ usesSwiftUI, usesUIKit, content, classes, filePath, addFinding: add });
+      checks.analyzeUIKit({ classes, content, filePath, addFinding: add });
+      checks.analyzeProtocolOriented({ protocols, content, filePath, addFinding: add });
+      checks.analyzeValueTypes({ classes, content, filePath, addFinding: add });
+      checks.analyzeMemoryManagement({ content, filePath, addFinding: add });
+      checks.analyzeOptionals({ content, filePath, addFinding: add });
+      checks.analyzeDependencyInjection({ classes, content, filePath, addFinding: add });
+      checks.analyzeNetworking({ content, filePath, addFinding: add });
+      checks.analyzePersistence({ content, filePath, addFinding: add });
+      checks.analyzeCombine({ content, filePath, addFinding: add });
+      checks.analyzeConcurrency({ content, filePath, addFinding: add });
+      checks.analyzeTesting({ content, filePath, addFinding: add });
+      checks.analyzeUITesting({ content, filePath, addFinding: add });
+    } catch (error) {
+      console.error(`[iOS Enterprise] Error analyzing ${filePath}:`, error.message);
     }
   }
 

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSEnterpriseChecks.js

@@ -0,0 +1,350 @@
+function analyzeSwiftModerno({ content, functions = [], filePath, addFinding }) {
+    if (content.includes('completion:') && !content.includes('async ')) {
+        addFinding('ios.async_await_missing', 'medium', filePath, 1,
+            'Using completion handlers instead of async/await (Swift 5.9+ required)');
+    }
+
+    const taskCount = (content.match(/\bTask\s*\{/g) || []).length;
+    if (taskCount > 3 && !content.includes('TaskGroup')) {
+        addFinding('ios.structured_concurrency_missing', 'medium', filePath, 1,
+            `Multiple Task blocks (${taskCount}) without TaskGroup - use structured concurrency`);
+    }
+
+    if (content.includes('actor ') && !content.includes(': Sendable')) {
+        addFinding('ios.sendable_missing', 'low', filePath, 1,
+            'Actor should conform to Sendable protocol for thread-safe types');
+    }
+
+    if (content.includes('func ') && content.includes('-> View') && !content.includes('some View')) {
+        addFinding('ios.opaque_types_missing', 'low', filePath, 1,
+            'Use "some View" instead of explicit View protocol return');
+    }
+
+    if (content.includes('UIViewController') && !content.includes('@State') && !content.includes('@Binding') && !content.includes('@ObservedObject')) {
+        addFinding('ios.property_wrappers_missing', 'info', filePath, 1,
+            'Consider using SwiftUI property wrappers (@State, @Binding, @ObservedObject) for state management');
+    }
+
+    const extractedFunctions = parser.extractFunctions ? parser.extractFunctions({ parsed: true }) || [] : [];
+    extractedFunctions.forEach(fn => {
+        if (fn.name.includes('Array') || fn.name.includes('Collection')) {
+            if (!content.includes('<T>') && !content.includes('<Element>')) {
+                addFinding('ios.generics_missing', 'low', filePath, fn.line,
+                    `Function ${fn.name} should use generics for type safety`);
+            }
+        }
+    });
+}
+
+async function analyzeSwiftUI({ usesSwiftUI, usesUIKit, content, classes, filePath, addFinding }) {
+    if (usesUIKit && !usesSwiftUI) {
+        addFinding('ios.swiftui_first', 'medium', filePath, 1,
+            'Consider migrating to SwiftUI for new views (UIKit only when strictly necessary)');
+    }
+
+    if (usesSwiftUI) {
+        if (!content.includes('@State')) {
+            addFinding('ios.state_local_missing', 'info', filePath, 1,
+                'SwiftUI view without @State - consider if local state is needed');
+        }
+
+        if (content.includes('ObservableObject') && !content.includes('@StateObject')) {
+            addFinding('ios.stateobject_missing', 'high', filePath, 1,
+                'ObservableObject should be owned with @StateObject, not @ObservedObject');
+        }
+
+        if (content.includes('class') && content.includes('ObservableObject') && !content.includes('@EnvironmentObject')) {
+            addFinding('ios.environmentobject_missing', 'info', filePath, 1,
+                'Consider using @EnvironmentObject for dependency injection in SwiftUI');
+        }
+
+        if (content.includes('.frame(') && content.includes('CGRect(')) {
+            addFinding('ios.declarativo_missing', 'medium', filePath, 1,
+                'Using imperative CGRect in SwiftUI - use declarative .frame() modifiers');
+        }
+
+        const geometryReaderCount = (content.match(/GeometryReader/g) || []).length;
+        if (geometryReaderCount > 2) {
+            addFinding('ios.geometryreader_moderation', 'medium', filePath, 1,
+                `Excessive GeometryReader usage (${geometryReaderCount}x) - use only when necessary`);
+        }
+    }
+}
+
+async function analyzeUIKit({ classes, content, filePath, addFinding }) {
+    classes.forEach(cls => {
+        if (cls.name.includes('ViewController')) {
+            const linesCount = cls.substructure.length * 10;
+            if (linesCount > 300) {
+                addFinding('ios.massive_viewcontrollers', 'high', filePath, cls.line,
+                    `Massive ViewController ${cls.name} (~${linesCount} lines) - break down into smaller components`);
+            }
+
+            if (!content.includes('ViewModel')) {
+                addFinding('ios.uikit.viewmodel_delegation', 'medium', filePath, cls.line,
+                    `ViewController ${cls.name} should delegate logic to ViewModel (MVVM pattern)`);
+            }
+        }
+    });
+
+    if (filePath.endsWith('.swift') && !filePath.includes('analyzer') && !filePath.includes('detector')) {
+        if (content.includes('storyboard') || content.includes('.xib') || content.includes('.nib')) {
+            addFinding('ios.storyboards', 'high', filePath, 1,
+                'Storyboard/XIB detected - use programmatic UI for better version control');
+        }
+    }
+}
+
+async function analyzeProtocolOriented({ protocols, content, filePath, addFinding }) {
+    if (protocols.length > 0 && !content.includes('extension ')) {
+        addFinding('ios.pop.missing_extensions', 'low', filePath, 1,
+            'Protocols detected but no extensions - consider protocol extensions for default implementations');
+    }
+
+    if (content.includes('class ') && content.includes(': ')) {
+        const inheritanceCount = (content.match(/class\s+\w+\s*:\s*\w+/g) || []).length;
+        if (inheritanceCount > 2) {
+            addFinding('ios.pop.missing_composition_over_inheritance', 'medium', filePath, 1,
+                `Excessive class inheritance (${inheritanceCount}x) - prefer protocol composition`);
+        }
+    }
+}
+
+async function analyzeValueTypes({ classes, content, filePath, addFinding }) {
+    classes.forEach(cls => {
+        if (!cls.inheritedTypes.length && !content.includes('ObservableObject')) {
+            addFinding('ios.values.classes_instead_structs', 'medium', filePath, cls.line,
+                `Class ${cls.name} without inheritance - consider struct for value semantics`);
+        }
+    });
+
+    const varCount = (content.match(/\bvar\s+/g) || []).length;
+    const letCount = (content.match(/\blet\s+/g) || []).length;
+    if (varCount > letCount) {
+        addFinding('ios.values.mutability', 'low', filePath, 1,
+            `More var (${varCount}) than let (${letCount}) - prefer immutability`);
+    }
+}
+
+function analyzeMemoryManagement({ content, filePath, addFinding }) {
+    const closureMatches = content.match(/\{\s*\[/g);
+    const weakSelfMatches = content.match(/\[weak self\]/g);
+    if (closureMatches && closureMatches.length > (weakSelfMatches?.length || 0)) {
+        addFinding('ios.memory.missing_weak_self', 'high', filePath, 1,
+            'Closures without [weak self] - potential retain cycles');
+    }
+
+    if (content.includes('self.') && content.includes('{') && !content.includes('[weak self]')) {
+        addFinding('ios.memory.retain_cycles', 'high', filePath, 1,
+            'Potential retain cycle - closure captures self without [weak self]');
+    }
+
+    if (content.includes('class ') && !content.includes('deinit')) {
+        addFinding('ios.memory.missing_deinit', 'low', filePath, 1,
+            'Class without deinit - consider adding for cleanup verification');
+    }
+}
+
+function analyzeOptionals({ content, filePath, addFinding }) {
+    const forceUnwraps = content.match(/(\w+)\s*!/g);
+    if (forceUnwraps && forceUnwraps.length > 0) {
+        const nonIBOutlets = forceUnwraps.filter(match => !content.includes(`@IBOutlet`));
+        if (nonIBOutlets.length > 0) {
+            addFinding('ios.force_unwrapping', 'high', filePath, 1,
+                `Force unwrapping (!) detected ${nonIBOutlets.length}x - use if let or guard let`);
+        }
+    }
+
+    const ifLetCount = (content.match(/if\s+let\s+/g) || []).length;
+    const guardLetCount = (content.match(/guard\s+let\s+/g) || []).length;
+    if (ifLetCount === 0 && guardLetCount === 0 && content.includes('?')) {
+        addFinding('ios.optionals.optional_binding', 'medium', filePath, 1,
+            'Optionals present but no optional binding - use if let or guard let');
+    }
+
+    if (content.includes('?') && !content.includes('??')) {
+        addFinding('ios.optionals.missing_nil_coalescing', 'info', filePath, 1,
+            'Consider using nil coalescing operator (??) for default values');
+    }
+}
+
+async function analyzeDependencyInjection({ classes, content, filePath, addFinding }) {
+    if (content.includes('.shared') || content.includes('static let shared')) {
+        addFinding('ios.di.singleton_usage', 'high', filePath, 1,
+            'Singleton detected - use dependency injection instead');
+    }
+
+    classes.forEach(cls => {
+        if (cls.name.includes('ViewModel') || cls.name.includes('Service')) {
+            const hasInit = content.includes('init(');
+            if (!hasInit) {
+                addFinding('ios.di.missing_protocol_injection', 'medium', filePath, cls.line,
+                    `${cls.name} should inject dependencies via initializer`);
+            }
+        }
+    });
+
+    if (content.includes('init(') && content.match(/init\([^)]{50,}\)/)) {
+        addFinding('ios.di.missing_factory', 'low', filePath, 1,
+            'Complex initialization - consider factory pattern');
+    }
+}
+
+async function analyzeNetworking({ content, filePath, addFinding }) {
+    if (String(filePath || '').endsWith('/Package.swift') || String(filePath || '').endsWith('Package.swift')) {
+        return;
+    }
+    if (!content.includes('URLSession') && !content.includes('Alamofire')) {
+        if (content.includes('http://') || content.includes('https://')) {
+            addFinding('ios.networking.missing_urlsession', 'high', filePath, 1,
+                'Network URLs detected but no URLSession/Alamofire usage');
+        }
+    }
+
+    if (content.includes('URLSession') && content.includes('completionHandler:') && !content.includes('async')) {
+        addFinding('ios.networking.completion_handlers_instead_async', 'medium', filePath, 1,
+            'Using completion handlers with URLSession - migrate to async/await');
+    }
+
+    if (content.includes('JSONSerialization') && !content.includes('Codable')) {
+        addFinding('ios.networking.missing_codable', 'medium', filePath, 1,
+            'Manual JSON parsing - use Codable for type safety');
+    }
+
+    if (content.includes('URLSession') && !content.includes('NetworkError')) {
+        addFinding('ios.networking.missing_error_handling', 'high', filePath, 1,
+            'Network code without custom NetworkError enum');
+    }
+
+    const hasSSLPinningImplementation =
+        content.includes('serverTrustPolicy') ||
+        content.includes('pinning') ||
+        (content.includes('URLSessionDelegate') && content.includes('URLAuthenticationChallenge'));
+
+    if (content.includes('URLSession') && !hasSSLPinningImplementation) {
+        addFinding('ios.networking.missing_ssl_pinning', 'medium', filePath, 1,
+            'Consider SSL pinning for high-security apps');
+    }
+
+    if (content.includes('URLSession') && !content.includes('retry')) {
+        addFinding('ios.networking.missing_retry', 'low', filePath, 1,
+            'Network requests without retry logic');
+    }
+}
+
+async function analyzePersistence({ content, filePath, addFinding }) {
+    if (content.includes('UserDefaults') && (content.includes('password') || content.includes('token') || content.includes('auth'))) {
+        addFinding('ios.persistence.userdefaults_sensitive', 'critical', filePath, 1,
+            'Sensitive data in UserDefaults - use Keychain instead');
+    }
+
+    if ((content.includes('password') || content.includes('token')) && !content.includes('Keychain') && !content.includes('Security')) {
+        addFinding('ios.persistence.missing_keychain', 'critical', filePath, 1,
+            'Sensitive data detected but no Keychain usage');
+    }
+
+    if (content.includes('NSManagedObjectContext') && content.includes('.main')) {
+        addFinding('ios.persistence.core_data_on_main', 'high', filePath, 1,
+            'Core Data operations on main thread - use background context');
+    }
+
+    if (content.includes('NSPersistentContainer') && !content.includes('NSMigrationManager')) {
+        addFinding('ios.persistence.missing_migration', 'medium', filePath, 1,
+            'Core Data without migration strategy');
+    }
+}
+
+function analyzeCombine({ content, filePath, addFinding }) {
+    if (content.includes('.sink(') && !content.includes('AnyCancellable')) {
+        addFinding('ios.combine.missing_cancellables', 'high', filePath, 1,
+            'Combine sink without storing AnyCancellable - memory leak');
+    }
+
+    if (content.includes('@Published') && !content.includes('import Combine')) {
+        addFinding('ios.combine.published_without_combine', 'high', filePath, 1,
+            '@Published used but Combine not imported');
+    }
+
+    if (content.includes('.sink(') && !content.includes('receiveCompletion')) {
+        addFinding('ios.combine.error_handling', 'medium', filePath, 1,
+            'Combine subscriber without error handling (receiveCompletion)');
+    }
+
+    if (content.includes('Future<') && !content.includes('async')) {
+        addFinding('ios.combine.prefer_async_await', 'low', filePath, 1,
+            'Combine Future for single value - consider async/await instead');
+    }
+}
+
+function analyzeConcurrency({ content, filePath, addFinding }) {
+    if (content.includes('DispatchQueue') && !content.includes('async func')) {
+        addFinding('ios.concurrency.dispatchqueue_old', 'medium', filePath, 1,
+            'Using DispatchQueue - prefer async/await for new code');
+    }
+
+    if (content.includes('DispatchQueue.main') && content.includes('UI')) {
+        addFinding('ios.concurrency.missing_mainactor', 'medium', filePath, 1,
+            'Manual main thread dispatch - use @MainActor annotation');
+    }
+
+    if (content.includes('Task {') && !content.includes('.cancel()') && !content.includes('Task.isCancelled')) {
+        addFinding('ios.concurrency.task_cancellation', 'low', filePath, 1,
+            'Task without cancellation handling');
+    }
+
+    if (content.includes('var ') && content.includes('queue') && !content.includes('actor')) {
+        addFinding('ios.concurrency.actor_missing', 'medium', filePath, 1,
+            'Manual synchronization with queue - consider actor for thread safety');
+    }
+}
+
+function analyzeTesting({ content, filePath, addFinding }) {
+    if (filePath.includes('Test') && !content.includes('XCTest') && !content.includes('Quick')) {
+        addFinding('ios.testing.missing_xctest', 'high', filePath, 1,
+            'Test file without XCTest or Quick import');
+    }
+
+    if (filePath.includes('Test') && !content.includes('makeSUT') && content.includes('func test')) {
+        addFinding('ios.testing.missing_makesut', 'medium', filePath, 1,
+            'Test without makeSUT pattern - centralize system under test creation');
+    }
+
+    if (filePath.includes('Test') && !content.includes('trackForMemoryLeaks') && content.includes('class')) {
+        addFinding('ios.testing.missing_memory_leak_tracking', 'medium', filePath, 1,
+            'Test without trackForMemoryLeaks helper');
+    }
+
+    if (filePath.includes('Test') && content.includes('init(') && !content.includes('Protocol')) {
+        addFinding('ios.testing.concrete_dependencies', 'medium', filePath, 1,
+            'Test using concrete dependencies - inject protocols for testability');
+    }
+}
+
+function analyzeUITesting({ content, filePath, addFinding }) {
+    if (filePath.includes('UITest') && !content.includes('XCTest')) {
+        addFinding('ios.uitesting.missing_xctest', 'medium', filePath, 1,
+            'UI Test without XCTest import');
+    }
+
+    if (filePath.includes('UITest') && !content.includes('XCUIApplication')) {
+        addFinding('ios.uitesting.missing_application_launch', 'medium', filePath, 1,
+            'UI Test missing XCUIApplication launch');
+    }
+}
+
+module.exports = {
+    analyzeSwiftModerno,
+    analyzeSwiftUI,
+    analyzeUIKit,
+    analyzeProtocolOriented,
+    analyzeValueTypes,
+    analyzeMemoryManagement,
+    analyzeOptionals,
+    analyzeDependencyInjection,
+    analyzeNetworking,
+    analyzePersistence,
+    analyzeCombine,
+    analyzeConcurrency,
+    analyzeTesting,
+    analyzeUITesting,
+};

package/scripts/hooks-system/infrastructure/mcp/ast-intelligence-automation.js

@@ -992,48 +992,64 @@ async function aiGateCheck() {
             }
         }
 
-        const platformsToLoad = detectedPlatforms.length > 0
-            ? detectedPlatforms.map(p => String(p).toLowerCase())
-            : ['backend', 'frontend', 'ios', 'android'];
+        const fallbackPlatforms = ['backend', 'frontend', 'ios', 'android'];
+        const platformsForRules = (detectedPlatforms.length > 0 ? detectedPlatforms : fallbackPlatforms)
+            .filter(Boolean);
+        const normalizedPlatforms = Array.from(new Set(platformsForRules));
 
         let mandatoryRules = null;
         try {
-            const rulesData = await loadPlatformRules(platformsToLoad);
+            const rulesData = await loadPlatformRules(normalizedPlatforms);
+            const rulesSample = rulesData.criticalRules.slice(0, 5).map(r => r.rule || r);
+            const rulesCount = rulesData.criticalRules.length;
             mandatoryRules = {
-                platforms: platformsToLoad,
-                criticalRules: rulesData.criticalRules || [],
-                rulesLoaded: Object.keys(rulesData.rules || {}),
-                warning: '⚠️ AI MUST read and follow these rules before ANY code generation or modification'
+                platforms: normalizedPlatforms,
+                criticalRules: rulesData.criticalRules,
+                rulesLoaded: Object.keys(rulesData.rules),
+                totalRulesCount: rulesCount,
+                rulesSample,
+                proofOfRead: `✅ VERIFIED: ${rulesCount} critical rules loaded from ${Object.keys(rulesData.rules).join(', ')}`
             };
-        } catch (err) {
+        } catch (error) {
             if (process.env.DEBUG) {
-                process.stderr.write(`[MCP] loadPlatformRules failed: ${err.message}\n`);
+                process.stderr.write(`[MCP] loadPlatformRules failed: ${error.message}\n`);
             }
+
             mandatoryRules = {
-                platforms: platformsToLoad,
+                platforms: normalizedPlatforms,
                 criticalRules: [],
                 rulesLoaded: [],
-                warning: '⚠️ Rules loading failed but AI MUST still follow project conventions',
-                error: err.message
+                status: 'FAILED_TO_LOAD',
+                error: `Failed to load rules content: ${error && error.message ? error.message : String(error)}`
             };
         }
 
+        const rulesLoadedSuccessfully = mandatoryRules &&
+            mandatoryRules.criticalRules &&
+            mandatoryRules.criticalRules.length > 0;
+
+        if (!rulesLoadedSuccessfully) {
+            violations.push('❌ RULES_NOT_LOADED: Critical platform rules could not be loaded. AI cannot proceed without reading mandatory rules.');
+        }
+
+        const finalBlocked = isBlocked || !rulesLoadedSuccessfully;
+
         return {
-            status: isBlocked ? 'BLOCKED' : 'ALLOWED',
+            status: finalBlocked ? 'BLOCKED' : 'ALLOWED',
             timestamp: new Date().toISOString(),
             branch: currentBranch,
             violations,
             warnings,
             autoFixes,
-            mandatory_rules: mandatoryRules,
-            summary: isBlocked
+            mandatory_rules: rulesLoadedSuccessfully
+                ? { ...mandatoryRules, status: 'LOADED_OK' }
+                : mandatoryRules,
+            summary: finalBlocked
                 ? `🚫 BLOCKED: ${violations.length} violation(s). Fix before proceeding.`
-                : `🚦 ALLOWED: Gate passed.${warnings.length > 0 ? ` ${warnings.length} warning(s).` : ''}`,
-            instructions: isBlocked
+                : `🚦 ALLOWED: Gate passed. ${mandatoryRules.totalRulesCount} critical rules loaded and verified.`,
+            instructions: finalBlocked
                 ? 'DO NOT proceed with user task. Announce violations and fix them first.'
-                : mandatoryRules
-                    ? `You may proceed with user task. CRITICAL: Review mandatory_rules.criticalRules BEFORE generating ANY code.`
-                    : 'You may proceed with user task.'
+                : `✅ ${mandatoryRules.totalRulesCount} RULES LOADED. Sample: ${mandatoryRules.rulesSample.slice(0, 2).join(' | ')}... Review ALL rules in mandatory_rules.criticalRules before ANY code generation.`
         };
     };
 
@@ -1050,6 +1066,13 @@ async function aiGateCheck() {
         violations: ['❌ GATE_TIMEOUT: AI gate check timed out. Retry or run ai-start manually.'],
         warnings: [],
         autoFixes: [],
+        mandatory_rules: {
+            platforms: ['backend', 'frontend', 'ios', 'android'],
+            criticalRules: [],
+            rulesLoaded: [],
+            warning: '⚠️ AI MUST read and follow these rules before ANY code generation or modification',
+            error: 'Rules could not be loaded due to timeout'
+        },
         summary: '🚫 BLOCKED: Gate check timed out.',
         instructions: 'DO NOT proceed with user task. Retry the gate check.'
     };

package/scripts/hooks-system/infrastructure/orchestration/__tests__/intelligent-audit.spec.js

@@ -11,6 +11,22 @@ describe('intelligent-audit', () => {
     const mod = require('../intelligent-audit');
     expect(typeof mod.runIntelligentAudit).toBe('function');
   });
+
+  it('should filter staged violations strictly (no substring matches, no .audit_tmp)', () => {
+    const mod = require('../intelligent-audit');
+
+    expect(typeof mod.isViolationInStagedFiles).toBe('function');
+
+    const stagedSet = new Set([
+      'apps/ios/Application/AppCoordinator.swift'
+    ]);
+
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator.swift', stagedSet)).toBe(true);
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator.swift.backup', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('.audit_tmp/AppCoordinator.123.staged.swift', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('some/dir/.audit_tmp/AppCoordinator.123.staged.swift', stagedSet)).toBe(false);
+    expect(mod.isViolationInStagedFiles('apps/ios/Application/AppCoordinator', stagedSet)).toBe(false);
+  });
 });
 
 describe('AI_EVIDENCE.json structure validation', () => {

package/scripts/hooks-system/infrastructure/orchestration/intelligent-audit.js

@@ -235,6 +235,28 @@ function toRepoRelativePath(filePath) {
   return normalized;
 }
 
+function isAuditTmpPath(repoRelativePath) {
+  const normalized = normalizePathForMatch(repoRelativePath);
+  return normalized.startsWith('.audit_tmp/') || normalized.includes('/.audit_tmp/');
+}
+
+function isViolationInStagedFiles(violationPath, stagedSet) {
+  if (!violationPath) {
+    return false;
+  }
+
+  const repoRelative = toRepoRelativePath(violationPath);
+  if (!repoRelative) {
+    return false;
+  }
+
+  if (isAuditTmpPath(repoRelative)) {
+    return false;
+  }
+
+  return stagedSet.has(repoRelative);
+}
+
 function resolveAuditTmpDir() {
   const configured = (env.get('AUDIT_TMP', '') || '').trim();
   if (configured.length > 0) {
@@ -273,18 +295,7 @@ async function runIntelligentAudit() {
 
       const stagedViolations = rawViolations.filter(v => {
         const violationPath = toRepoRelativePath(v.filePath || v.file || '');
-        if (!violationPath) {
-          return false;
-        }
-        if (stagedSet.has(violationPath)) {
-          return true;
-        }
-        for (const sf of stagedSet) {
-          if (sf && (violationPath === sf || violationPath.endsWith('/' + sf) || violationPath.includes('/' + sf))) {
-            return true;
-          }
-        }
-        return false;
+        return isViolationInStagedFiles(violationPath, stagedSet);
       });
 
       console.log(`[Intelligent Audit] Gate scope: STAGING (${stagedFiles.length} files)`);
@@ -550,7 +561,7 @@ async function updateAIEvidence(violations, gateResult, tokenUsage) {
           file: v.filePath || v.file || 'unknown',
           line: v.line || null,
           severity: v.severity,
-          rule: ruleId,
+          rule_id: ruleId,
           message: v.message || v.description || '',
           category: v.category || deriveCategoryFromRuleId(ruleId),
           intelligent_evaluation: v.intelligentEvaluation || false,
@@ -683,4 +694,4 @@ if (require.main === module) {
   });
 }
 
-module.exports = { runIntelligentAudit };
+module.exports = { runIntelligentAudit, isViolationInStagedFiles, toRepoRelativePath };

package/scripts/hooks-system/infrastructure/shell/gitflow/gitflow-enforcer.sh

@@ -198,6 +198,16 @@ verify_atomic_commit() {
   done
 
   if (( root_count > 1 )); then
+    local has_scripts=0
+    local has_tests=0
+    for root in $roots_list; do
+      [[ "$root" == "scripts" ]] && has_scripts=1
+      [[ "$root" == "tests" ]] && has_tests=1
+    done
+    if [[ $has_scripts -eq 1 && $has_tests -eq 1 && $root_count -eq 2 ]]; then
+      printf "${GREEN}✅ Commit %s toca scripts + tests (permitido para bugfixes/features con tests).${NC}\n" "$commit"
+      return 0
+    fi
     printf "${RED}❌ Commit %s toca múltiples raíces (%s). Divide los cambios en commits atómicos.${NC}\n" "$commit" "$roots_list"
     return 1
   fi