pumuki 6.3.113 → 6.3.115

package/integrations/git/aiGateRepoPolicyFindings.ts

@@ -1,20 +1,98 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
 import type { Finding } from '../../core/gate/Finding';
 import type { GateStage } from '../../core/gate/GateStage';
 import { evaluateAiGate, type AiGateStage } from '../gate/evaluateAiGate';
-import { resolveRepoTrackingState } from '../lifecycle/trackingState';
 
 const AI_GATE_STAGES = new Set<AiGateStage>(['PRE_WRITE', 'PRE_COMMIT', 'PRE_PUSH', 'CI']);
 
 const REPO_POLICY_CODES = new Set<string>([
   'GITFLOW_PROTECTED_BRANCH',
-  'GITFLOW_BRANCH_NAMING_INVALID',
-  'TRACKING_CANONICAL_SOURCE_CONFLICT',
-  'TRACKING_CANONICAL_FILE_MISSING',
   'TRACKING_CANONICAL_IN_PROGRESS_INVALID',
   'EVIDENCE_PREWRITE_WORKTREE_OVER_LIMIT',
   'EVIDENCE_PREWRITE_WORKTREE_WARN',
 ]);
 
+const TRACKING_CANDIDATE_FILES = [
+  'docs/technical/08-validation/refactor/pumuki-integration-feedback.md',
+  'docs/RURALGO_SEGUIMIENTO.md',
+  'docs/pumuki/PUMUKI_BUGS_MEJORAS.md',
+  'docs/BUGS_Y_MEJORAS_PUMUKI.md',
+  'PUMUKI-RESET-MASTER-PLAN.md',
+  'RURALGO_SEGUIMIENTO.md',
+] as const;
+
+type TrackingActiveEntry = {
+  taskId: string | null;
+  lineNumber: number;
+};
+
+export const collectTrackingActiveEntriesFromMarkdown = (
+  markdown: string
+): ReadonlyArray<TrackingActiveEntry> => {
+  const entries: TrackingActiveEntry[] = [];
+  const lines = markdown.split(/\r?\n/u);
+  for (const [index, line] of lines.entries()) {
+    const boardRowMatch = line.match(/^\|\s*🚧\s*\|\s*([A-Z0-9-]+)\s*\|/u);
+    if (boardRowMatch) {
+      entries.push({
+        taskId: boardRowMatch[1]!.trim(),
+        lineNumber: index + 1,
+      });
+      continue;
+    }
+    const tableMatch = line.match(
+      /^\|\s*\d+\s*\|\s*`([^`]+)`\s*\|.*\|\s*🚧(?:\s+reported\s+activo|\s+En construcción|\s+En construccion)?\s*\|/u
+    );
+    if (tableMatch) {
+      entries.push({
+        taskId: tableMatch[1]!.trim(),
+        lineNumber: index + 1,
+      });
+      continue;
+    }
+    const bulletMatch = line.match(/^- 🚧 (`?P[0-9A-Za-z.-]+`?)/u);
+    if (bulletMatch) {
+      entries.push({
+        taskId: bulletMatch[1]!.replaceAll('`', '').trim(),
+        lineNumber: index + 1,
+      });
+      continue;
+    }
+    if (/^- Estado:\s*🚧/u.test(line)) {
+      entries.push({
+        taskId: null,
+        lineNumber: index + 1,
+      });
+    }
+  }
+  return entries;
+};
+
+const formatTrackingEntry = (entry: TrackingActiveEntry): string =>
+  entry.taskId ? `${entry.taskId}@L${entry.lineNumber}` : `line_${entry.lineNumber}`;
+
+export const appendTrackingActionableContext = (params: {
+  repoRoot: string;
+  message: string;
+}): string => {
+  for (const candidate of TRACKING_CANDIDATE_FILES) {
+    const candidatePath = resolve(params.repoRoot, candidate);
+    if (!existsSync(candidatePath)) {
+      continue;
+    }
+    const source = readFileSync(candidatePath, 'utf8');
+    const entries = collectTrackingActiveEntriesFromMarkdown(source);
+    if (entries.length === 0) {
+      continue;
+    }
+    const preview = entries.slice(0, 3).map(formatTrackingEntry).join(', ');
+    const overflow = entries.length > 3 ? ` (+${entries.length - 3} more)` : '';
+    return `${params.message} active_entries=${preview}${overflow} tracking_source=${candidate}`;
+  }
+  return params.message;
+};
+
 const toRepoPolicyFinding = (params: {
   code: string;
   message: string;
@@ -28,18 +106,6 @@ const toRepoPolicyFinding = (params: {
   source: 'ai_gate:repo_policy',
 });
 
-const appendTrackingActionableContext = (repoRoot: string, message: string): string => {
-  const tracking = resolveRepoTrackingState(repoRoot);
-  const activeEntries = (tracking.in_progress_entries ?? [])
-    .map((entry) => `${entry.task_id ?? 'UNKNOWN'}@L${entry.line_number}`)
-    .join(', ');
-  if (!activeEntries) {
-    return message;
-  }
-  const lastRunStatus = tracking.last_run_status ?? 'absent';
-  return `${message} active_entries=${activeEntries} last_run_status=${lastRunStatus}.`;
-};
-
 export const collectAiGateRepoPolicyFindings = (params: {
   repoRoot: string;
   stage: GateStage;
@@ -58,7 +124,10 @@ export const collectAiGateRepoPolicyFindings = (params: {
         code: v.code,
         message:
           v.code === 'TRACKING_CANONICAL_IN_PROGRESS_INVALID'
-            ? appendTrackingActionableContext(params.repoRoot, v.message)
+            ? appendTrackingActionableContext({
+              repoRoot: params.repoRoot,
+              message: v.message,
+            })
             : v.message,
         severity: v.severity === 'ERROR' ? 'ERROR' : 'WARN',
       })

package/integrations/git/runPlatformGate.ts

@@ -1372,15 +1372,7 @@ export async function runPlatformGate(params: {
 
   if (gateOutcome === 'BLOCK') {
     if (params.silent !== true) {
-      const renderStage =
-        params.policy.stage === 'PRE_PUSH'
-          ? 'PRE_PUSH'
-          : params.policy.stage === 'CI'
-            ? 'CI'
-            : 'PRE_COMMIT';
-      dependencies.printGateFindings(findingsWithWaiver, {
-        stage: renderStage,
-      });
+    dependencies.printGateFindings(findingsWithWaiver);
     }
     return 1;
   }

package/integrations/git/runPlatformGateFacts.ts

@@ -19,6 +19,11 @@ export type GateScope =
     kind: 'workingTree';
     extensions?: string[];
   }
+  | {
+    kind: 'unstaged';
+    extensions?: string[];
+    includeUntracked?: boolean;
+  }
   | {
     kind: 'range';
     fromRef: string;
@@ -26,7 +31,17 @@ export type GateScope =
     extensions?: string[];
   };
 
-const DEFAULT_EXTENSIONS = ['.swift', '.ts', '.tsx', '.js', '.jsx', '.kt', '.kts'];
+export const DEFAULT_FACT_FILE_EXTENSIONS: ReadonlyArray<string> = [
+  '.swift',
+  '.ts',
+  '.tsx',
+  '.js',
+  '.jsx',
+  '.kt',
+  '.kts',
+];
+
+const DEFAULT_EXTENSIONS = DEFAULT_FACT_FILE_EXTENSIONS;
 
 export const countScannedFilesFromFacts = (facts: ReadonlyArray<Fact>): number => {
   const contentPaths = new Set<string>();
@@ -66,6 +81,9 @@ export const resolveFactsForGateScope = async (params: {
   if (params.scope.kind === 'workingTree') {
     return params.git.getStagedAndUnstagedFacts(extensions);
   }
+  if (params.scope.kind === 'unstaged') {
+    return params.git.getUnstagedFacts(extensions, params.scope.includeUntracked);
+  }
 
   return getFactsForCommitRange({
     fromRef: params.scope.fromRef,

package/integrations/git/runPlatformGateOutput.ts

@@ -1,5 +1,27 @@
 import type { Finding } from '../../core/gate/Finding';
-import { resolveGovernanceCatalogAction } from '../gate/governanceActionCatalog';
+
+const BLOCK_NEXT_ACTION_BY_CODE: Readonly<Record<string, string>> = {
+  SDD_SESSION_MISSING:
+    'npx --yes --package pumuki@latest pumuki sdd session --open --change=<id>',
+  SDD_SESSION_INVALID:
+    'npx --yes --package pumuki@latest pumuki sdd session --refresh --ttl-minutes=90',
+  PRE_PUSH_UPSTREAM_MISSING:
+    'git push --set-upstream origin <branch>',
+  PRE_PUSH_UPSTREAM_MISALIGNED:
+    'git branch --unset-upstream && git push --set-upstream origin <branch>',
+  EVIDENCE_STALE:
+    'npx --yes --package pumuki@latest pumuki-pre-commit',
+  EVIDENCE_BRANCH_MISMATCH:
+    'npx --yes --package pumuki@latest pumuki-pre-commit',
+  GIT_ATOMICITY_TOO_MANY_FILES:
+    'git restore --staged . && separa cambios en commits más pequeños',
+  GIT_ATOMICITY_TOO_MANY_SCOPES:
+    'Revisa scope_files del bloqueo y aplica: git restore --staged . && git add <scope>/ && git commit -m "<tipo>: <scope>"',
+  ACTIVE_RULE_IDS_EMPTY_FOR_CODE_CHANGES_HIGH:
+    'Reconcilia policy/skills y reintenta PRE_COMMIT: npx --yes --package pumuki@latest pumuki policy reconcile --strict --json && npx --yes --package pumuki@latest pumuki-pre-commit',
+  SKILLS_SKILLS_FRONTEND_NO_SOLID_VIOLATIONS:
+    'Aplica refactor incremental: extrae 1 componente/hook por commit y vuelve a ejecutar PRE_COMMIT.',
+};
 
 const severityWeight = (severity: string): number => {
   switch (severity.toUpperCase()) {
@@ -31,7 +53,13 @@ const resolvePrimaryFinding = (findings: ReadonlyArray<Finding>): Finding => {
 };
 
 const sortFindingsBySeverity = (findings: ReadonlyArray<Finding>): ReadonlyArray<Finding> =>
-  [...findings].sort((left, right) => severityWeight(right.severity) - severityWeight(left.severity));
+  [...findings].sort((left, right) => {
+    const severityDelta = severityWeight(right.severity) - severityWeight(left.severity);
+    if (severityDelta !== 0) {
+      return severityDelta;
+    }
+    return left.ruleId.localeCompare(right.ruleId);
+  });
 
 const normalizeAnchorLine = (lines: Finding['lines']): number => {
   if (Array.isArray(lines)) {
@@ -75,56 +103,27 @@ const formatFinding = (finding: Finding): string => {
   return `[${severity}] ${finding.ruleId}: ${finding.message} -> ${location}`;
 };
 
-const resolveAtomicityFallback = (code: string): string | null => {
-  switch (code) {
-    case 'GIT_ATOMICITY_TOO_MANY_FILES':
-      return 'git restore --staged . && separa cambios en commits más pequeños';
-    case 'GIT_ATOMICITY_TOO_MANY_SCOPES':
-      return 'Revisa scope_files del bloqueo y aplica: git restore --staged . && git add <scope>/ && git commit -m "<tipo>: <scope>"';
-    default:
-      return null;
-  }
-};
-
-export const printGateFindings = (
-  findings: ReadonlyArray<Finding>,
-  params?: { stage?: 'PRE_COMMIT' | 'PRE_PUSH' | 'CI' }
-): void => {
+export const printGateFindings = (findings: ReadonlyArray<Finding>): void => {
   if (findings.length === 0) {
     return;
   }
-  const primary = resolvePrimaryFinding(findings);
-  const action = resolveGovernanceCatalogAction({
-    code: primary.code,
-    stage: params?.stage ?? 'PRE_COMMIT',
-    fallback: {
-      reason_code: primary.code,
-      instruction: 'Corrige el bloqueante primario y vuelve a ejecutar la validación del stage actual.',
-      next_action: {
-        kind: 'info',
-        message:
-          resolveAtomicityFallback(primary.code)
-          ?? 'Corrige el bloqueante primario y vuelve a ejecutar el mismo comando.',
-      },
-    },
-  });
-  const nextAction = action.next_action.command ?? action.next_action.message;
+  const orderedFindings = sortFindingsBySeverity(findings);
+  const primary = resolvePrimaryFinding(orderedFindings);
+  const nextAction =
+    BLOCK_NEXT_ACTION_BY_CODE[primary.code]
+    ?? 'Corrige el bloqueante primario y vuelve a ejecutar el mismo comando.';
   process.stdout.write(
     `[pumuki][block-summary] primary=${primary.code} severity=${primary.severity.toUpperCase()} rule=${primary.ruleId}\n`
   );
-  process.stdout.write(`[pumuki][block-summary] reason_code=${action.reason_code}\n`);
-  process.stdout.write(`[pumuki][block-summary] instruction=${action.instruction}\n`);
   process.stdout.write(`[pumuki][block-summary] next_action=${nextAction}\n`);
-  if (action.next_action.command) {
-    process.stdout.write(`[pumuki][block-summary] command=${action.next_action.command}\n`);
-  }
-  const orderedFindings = sortFindingsBySeverity(findings);
   const secondaryWarnings = orderedFindings.filter(
-    (finding) => finding !== primary && finding.severity.toUpperCase() === 'WARN'
+    (finding) =>
+      finding !== primary &&
+      severityWeight(finding.severity) < severityWeight(primary.severity)
   );
-  for (const warning of secondaryWarnings) {
+  for (const finding of secondaryWarnings) {
     process.stdout.write(
-      `[pumuki][warning-summary] secondary=${warning.code} severity=${warning.severity.toUpperCase()} rule=${warning.ruleId}\n`
+      `[pumuki][warning-summary] secondary=${finding.code} severity=${finding.severity.toUpperCase()} rule=${finding.ruleId}\n`
     );
   }
   for (const finding of orderedFindings) {

package/integrations/lifecycle/adapter.templates.json

@@ -31,6 +31,7 @@
   "repo": [
     {
       "path": ".pumuki/adapter.json",
+      "mode": "json-merge",
       "payload": {
         "hooks": {
           "pre_write": {

package/integrations/lifecycle/adapter.ts

@@ -2,7 +2,6 @@ import { mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { dirname, isAbsolute, join, resolve } from 'node:path';
 import { LifecycleGitService, type ILifecycleGitService } from './gitService';
-import { writeLifecycleBootstrapManifest } from './bootstrapManifest';
 
 export type AdapterAgent = string;
 
@@ -12,10 +11,6 @@ export type LifecycleAdapterInstallResult = {
   dryRun: boolean;
   written: boolean;
   changedFiles: ReadonlyArray<string>;
-  bootstrapManifest: {
-    path: string;
-    changed: boolean;
-  };
 };
 
 type AdapterTemplate = {
@@ -159,30 +154,11 @@ export const runLifecycleAdapterInstall = (params: {
     writeFileSync(absolutePath, nextContents, 'utf8');
   }
 
-  let bootstrapManifest = {
-    path: join(repoRoot, '.pumuki', 'bootstrap-manifest.json'),
-    changed: false,
-  };
-  if (!dryRun) {
-    const manifestWrite = writeLifecycleBootstrapManifest({
-      git,
-      repoRoot,
-    });
-    bootstrapManifest = {
-      path: manifestWrite.path,
-      changed: manifestWrite.changed,
-    };
-    if (manifestWrite.changed) {
-      changedFiles.push('.pumuki/bootstrap-manifest.json');
-    }
-  }
-
   return {
     repoRoot,
     agent: params.agent,
     dryRun,
     written: !dryRun,
     changedFiles,
-    bootstrapManifest,
   };
 };

package/integrations/lifecycle/audit.ts

@@ -0,0 +1,101 @@
+import { readEvidence } from '../evidence/readEvidence';
+import { GitService } from '../git/GitService';
+import { hasAllowedExtension } from '../git/gitDiffUtils';
+import { runPlatformGate } from '../git/runPlatformGate';
+import { evaluatePlatformGateFindings } from '../git/runPlatformGateEvaluation';
+import { DEFAULT_FACT_FILE_EXTENSIONS } from '../git/runPlatformGateFacts';
+import { resolvePolicyForStage } from '../gate/stagePolicies';
+
+export type LifecycleAuditStage = 'PRE_COMMIT' | 'PRE_PUSH' | 'CI';
+
+export type LifecycleAuditResult = {
+  command: 'pumuki audit';
+  repo_root: string;
+  stage: LifecycleAuditStage;
+  scope: { kind: 'repo' };
+  audit_mode: 'gate' | 'engine';
+  gate_exit_code: number;
+  files_scanned: number | null;
+  untracked_matching_extensions_count: number;
+  snapshot_outcome: string | null;
+  policy_reconcile_hint: string;
+};
+
+const POLICY_RECONCILE_HINT =
+  'If .pumuki/policy-as-code.json signatures drift after a pumuki upgrade, run: pumuki policy reconcile --apply';
+
+const countUntrackedMatchingExtensions = (
+  git: GitService,
+  extensions: ReadonlyArray<string>
+): number => {
+  const repoRoot = git.resolveRepoRoot();
+  const raw = git.runGit(['ls-files', '--others', '--exclude-standard'], repoRoot);
+  return raw
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .filter((path) => hasAllowedExtension(path, extensions)).length;
+};
+
+export const runLifecycleAudit = async (params: {
+  stage: LifecycleAuditStage;
+  auditMode: 'gate' | 'engine';
+}): Promise<LifecycleAuditResult> => {
+  const git = new GitService();
+  const repoRoot = git.resolveRepoRoot();
+  const resolved = resolvePolicyForStage(params.stage, repoRoot);
+  const extensions = DEFAULT_FACT_FILE_EXTENSIONS;
+  const untrackedMatchingExtensionsCount = countUntrackedMatchingExtensions(git, extensions);
+
+  const gateParams =
+    params.auditMode === 'engine'
+      ? {
+          policy: resolved.policy,
+          policyTrace: resolved.trace,
+          scope: { kind: 'repo' as const },
+          silent: true,
+          auditMode: 'engine' as const,
+          dependencies: {
+            evaluatePlatformGateFindings: (
+              evalParams: Parameters<typeof evaluatePlatformGateFindings>[0]
+            ) =>
+              evaluatePlatformGateFindings(evalParams, {
+                loadHeuristicsConfig: () => ({
+                  astSemanticEnabled: true,
+                  typeScriptScope: 'all',
+                }),
+              }),
+            printGateFindings: () => {},
+          },
+        }
+      : {
+          policy: resolved.policy,
+          policyTrace: resolved.trace,
+          scope: { kind: 'repo' as const },
+          silent: true,
+          auditMode: 'gate' as const,
+        };
+
+  const gateExitCode = await runPlatformGate(gateParams);
+  const evidence = readEvidence(repoRoot);
+  const filesScanned =
+    typeof evidence?.snapshot.files_scanned === 'number' &&
+    Number.isFinite(evidence.snapshot.files_scanned)
+      ? evidence.snapshot.files_scanned
+      : null;
+  const snapshotOutcome =
+    typeof evidence?.snapshot.outcome === 'string' ? evidence.snapshot.outcome : null;
+
+  return {
+    command: 'pumuki audit',
+    repo_root: repoRoot,
+    stage: params.stage,
+    scope: { kind: 'repo' },
+    audit_mode: params.auditMode,
+    gate_exit_code: gateExitCode,
+    files_scanned: filesScanned,
+    untracked_matching_extensions_count: untrackedMatchingExtensionsCount,
+    snapshot_outcome: snapshotOutcome,
+    policy_reconcile_hint: POLICY_RECONCILE_HINT,
+  };
+};