pumuki 6.3.119 → 6.3.121

package/AGENTS.md

@@ -81,6 +81,17 @@ Antes de realizar cualquier accion:
   - explicar la regla exacta bloqueante, y
   - pedir decision explicita del usuario antes de continuar.
 
+## Protocolo condicionado de review paralela
+- MUST: Cuando el usuario pida revisar una rama, PR, diff amplio o cambio transversal, usar subagentes paralelos si el alcance lo justifica.
+- MUST: Separar la revision en tres focos independientes:
+  1. riesgos de seguridad
+  2. carencias de tests
+  3. mantenibilidad, deuda y complejidad
+- MUST: Integrar los hallazgos en una unica respuesta final priorizada por severidad, con referencias a archivo/linea y sin duplicar conclusiones.
+- MUST: Mantener el formato de review: hallazgos primero, preguntas/assumptions despues, resumen al final.
+- MUST: No activar este protocolo para implementaciones normales, fixes pequenos, tareas de tracking o cambios documentales simples salvo peticion explicita del usuario.
+- MUST: No sustituir los gates del repo por opiniones de subagentes; los subagentes aportan focos de revision, pero la respuesta final debe contrastar sus hallazgos con codigo, tests y evidencia local.
+
 ## Contrato hard de GitFlow y ramas (no negociable)
 - El ciclo GitFlow del proyecto es obligatorio.
 - Es obligatorio respetar ramas nombradas segun la convencion acordada del repositorio.

package/CHANGELOG.md

@@ -6,6 +6,20 @@ This project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [6.3.121] - 2026-04-28
+
+### Fixed
+
+- **Hotspots brownfield sin umbrales hardcodeados:** `BrownfieldHotspotGuard` deja de bloquear por tamaño implícito en carpetas `presentation`/`application`; el bloqueo por líneas solo se activa cuando el consumer declara explícitamente `max_lines` en `config/pumuki-hotspots.json`.
+- **Cierre de `PUMUKI-INC-114`:** el guard mantiene bloqueo declarativo para hotspots marcados, pero SRP/god class vuelve a depender de reglas/skills AST inteligentes en vez de números internos `800/1200`.
+
+## [6.3.120] - 2026-04-28
+
+### Fixed
+
+- **Watch no interactivo para auditoría machine-readable:** `pumuki watch --scope=repo --once --json` desactiva notificaciones por defecto en esa invocación de una sola pasada para terminar y emitir JSON sin depender de UI del sistema, cerrando `PUMUKI-INC-112`.
+- **Bloqueos de install visibles:** cuando `pumuki install` queda bloqueado por governance, emite una notificación `gate.blocked` y añade el estado de entrega al error, cerrando la brecha de visibilidad de `PUMUKI-INC-113`.
+
 ## [6.3.119] - 2026-04-28
 
 ### Fixed

package/VERSION

@@ -1 +1 @@
-v6.3.119
+v6.3.121

package/integrations/git/brownfieldHotspots.ts

@@ -24,9 +24,6 @@ type ObservedFile = {
 };
 
 const DEFAULT_HOTSPOTS_CONFIG_PATH = 'config/pumuki-hotspots.json';
-const PRESENTATION_OR_APPLICATION_SEGMENTS = ['/presentation/', '/application/'];
-const HIGH_LINE_THRESHOLD = 800;
-const CRITICAL_LINE_THRESHOLD = 1200;
 
 const isObject = (value: unknown): value is Record<string, unknown> =>
   typeof value === 'object' && value !== null;
@@ -102,11 +99,6 @@ const readBrownfieldHotspotConfig = (repoRoot: string): BrownfieldHotspotConfig
   }
 };
 
-const isSensitiveLayerPath = (path: string): boolean => {
-  const normalized = `/${toNormalizedPath(path).toLowerCase()}`;
-  return PRESENTATION_OR_APPLICATION_SEGMENTS.some((segment) => normalized.includes(segment));
-};
-
 const hasRequiredArtifacts = (
   repoRoot: string,
   candidates: ReadonlyArray<string> | undefined
@@ -245,28 +237,15 @@ export const evaluateBrownfieldHotspotFindings = (params: {
 
   for (const file of observedFiles) {
     const configEntry = configByPath.get(file.path);
-    const isSensitiveLayer = isSensitiveLayerPath(file.path);
-    if (typeof file.lineCount === 'number' && (isSensitiveLayer || configEntry?.max_lines)) {
-      const highThreshold = configEntry?.max_lines ?? HIGH_LINE_THRESHOLD;
-      const criticalThreshold = Math.max(highThreshold, CRITICAL_LINE_THRESHOLD);
-      if (file.lineCount > criticalThreshold) {
-        findings.push(
-          toHotspotSizeFinding({
-            stage: params.stage,
-            path: file.path,
-            lineCount: file.lineCount,
-            threshold: criticalThreshold,
-            severity: 'CRITICAL',
-            reason: configEntry?.reason,
-          })
-        );
-      } else if (file.lineCount > highThreshold) {
+    if (typeof file.lineCount === 'number' && configEntry?.max_lines) {
+      const threshold = configEntry.max_lines;
+      if (file.lineCount > threshold) {
         findings.push(
           toHotspotSizeFinding({
             stage: params.stage,
             path: file.path,
             lineCount: file.lineCount,
-            threshold: highThreshold,
+            threshold,
             severity: 'ERROR',
             reason: configEntry?.reason,
           })

package/integrations/lifecycle/cli.ts

@@ -721,7 +721,9 @@ export const parseLifecycleCliArgs = (argv: ReadonlyArray<string>): ParsedArgs =
       watchIntervalMs: watchIntervalMs ?? 3000,
       watchNotifyCooldownMs: watchNotifyCooldownMs ?? 30_000,
       watchSeverityThreshold: watchSeverityThreshold ?? 'high',
-      watchNotifyEnabled: watchNotifyEnabled !== false,
+      watchNotifyEnabled:
+        watchNotifyEnabled !== false &&
+        !(json && watchIterations === 1),
       ...(typeof watchIterations === 'number' ? { watchIterations } : {}),
     };
   }

package/integrations/lifecycle/install.ts

@@ -14,6 +14,7 @@ import { readOpenSpecManagedArtifacts, writeLifecycleState } from './state';
 import { ensureRuntimeArtifactsIgnored } from './artifacts';
 import { runLifecycleAdapterInstall } from './adapter';
 import { runPolicyReconcile } from './policyReconcile';
+import { emitGateBlockedNotification } from '../notifications/emitAuditSummaryNotification';
 
 export type LifecycleInstallResult = {
   repoRoot: string;
@@ -104,6 +105,7 @@ export const runLifecycleInstall = (params?: {
   npm?: ILifecycleNpmService;
   bootstrapOpenSpec?: boolean;
   bestEffortAfterDoctorBlock?: boolean;
+  notifyGateBlocked?: typeof emitGateBlockedNotification;
 }): LifecycleInstallResult => {
   const git = params?.git ?? new LifecycleGitService();
   const bestEffortAfterDoctorBlock =
@@ -134,8 +136,20 @@ export const runLifecycleInstall = (params?: {
       };
     }
     const renderedIssues = report.issues.map((issue) => `- [${issue.severity}] ${issue.message}`).join('\n');
+    const firstIssue = report.issues[0];
+    const notificationResult = (params?.notifyGateBlocked ?? emitGateBlockedNotification)({
+      repoRoot: report.repoRoot,
+      stage: 'PRE_COMMIT',
+      totalViolations: report.issues.length,
+      causeCode: 'LIFECYCLE_INSTALL_SAFETY_BLOCKED',
+      causeMessage: firstIssue?.message ?? 'pumuki install blocked by repository safety checks.',
+      remediation: 'Corrige las incidencias activas del tracking externo y reintenta pumuki install.',
+    });
+    const notificationLine = notificationResult.delivered
+      ? '- [info] Blocking notification delivered.'
+      : `- [warning] Blocking notification not delivered: ${notificationResult.reason}`;
     throw new Error(
-      `pumuki install blocked by repository safety checks.\n${renderedIssues}\n` +
+      `pumuki install blocked by repository safety checks.\n${renderedIssues}\n${notificationLine}\n` +
       'Fix the baseline (for example tracked node_modules) and retry.'
     );
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.119",
+  "version": "6.3.121",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {