pumuki 6.3.127 → 6.3.128

package/VERSION

@@ -1 +1 @@
-v6.3.127
+v6.3.128

package/integrations/config/skillsRuleSet.ts

@@ -21,13 +21,25 @@ export type SkillsRuleSetLoadResult = {
   mappedHeuristicRuleIds: ReadonlySet<string>;
   requiresHeuristicFacts: boolean;
   unsupportedAutoRuleIds?: ReadonlyArray<string>;
+  registryCoverage?: {
+    contract: 'AUTO_RUNTIME_RULES_FOR_STAGE';
+    stage: Exclude<GateStage, 'STAGED'>;
+    registryTotals: {
+      total: number;
+      auto: number;
+      declarative: number;
+    };
+    stageApplicableAutoRuleIds: ReadonlyArray<string>;
+    declarativeRuleIds: ReadonlyArray<string>;
+    excludedDeclarativeReason: string;
+  };
 };
 
 const STAGE_RANK: Record<Exclude<GateStage, 'STAGED'>, number> = {
-  PRE_WRITE: 30,
-  PRE_COMMIT: 30,
+  PRE_WRITE: 10,
+  PRE_COMMIT: 20,
   PRE_PUSH: 30,
-  CI: 30,
+  CI: 40,
 };
 
 const PLATFORM_KEYS: ReadonlyArray<keyof DetectedPlatforms> = [
@@ -445,31 +457,7 @@ const toRuleDefinition = (params: {
     };
   }
 
-  // Declarative rules remain explicit, but AUTO rules without mapping are
-  // excluded from runtime rule conversion and reported separately.
-  return {
-    id: params.rule.id,
-    description: params.rule.description,
-    severity,
-    platform: params.rule.platform,
-    locked: params.rule.locked ?? true,
-    confidence: params.rule.confidence,
-    when: {
-      kind: 'FileContent',
-      regex: ['a^'],
-    },
-    then: {
-      kind: 'Finding',
-      message: `[Declarative] ${params.rule.description}`,
-      code: `${toCode(params.rule.id)}_DECLARATIVE`,
-      source: runtimeIrSource,
-    },
-    scope: resolveScopeForPlatform(
-      params.rule.platform,
-      params.repoRoot,
-      params.observedFilePaths
-    ),
-  };
+  return undefined;
 };
 
 const hasDetectedPlatforms = (detectedPlatforms?: DetectedPlatforms): boolean => {
@@ -546,11 +534,23 @@ export const loadSkillsRuleSetForStage = (
   const rulesById = new Map<string, RuleDefinition>();
   const mappedHeuristicRuleIds = new Set<string>();
   const unsupportedAutoRuleIds = new Set<string>();
+  const registryRuleIds = new Set<string>();
+  const registryAutoRuleIds = new Set<string>();
+  const registryDeclarativeRuleIds = new Set<string>();
+  const stageApplicableAutoRuleIds = new Set<string>();
 
   for (const bundle of activeBundles) {
     const bundlePolicy = policy?.bundles[bundle.name];
 
     for (const compiledRule of bundle.rules) {
+      registryRuleIds.add(compiledRule.id);
+      const evaluationMode = resolveRuleEvaluationMode(compiledRule);
+      if (evaluationMode === 'AUTO') {
+        registryAutoRuleIds.add(compiledRule.id);
+      } else {
+        registryDeclarativeRuleIds.add(compiledRule.id);
+      }
+
       if (
         !isRulePlatformActive({
           rule: compiledRule,
@@ -561,7 +561,13 @@ export const loadSkillsRuleSetForStage = (
       }
 
       const mappedRuleIds = resolveMappedHeuristicRuleIdsForCompiledRule(compiledRule);
-      const evaluationMode = resolveRuleEvaluationMode(compiledRule);
+      if (!stageApplies(stage, compiledRule.stage)) {
+        continue;
+      }
+      if (evaluationMode !== 'AUTO') {
+        continue;
+      }
+      stageApplicableAutoRuleIds.add(compiledRule.id);
       if (evaluationMode === 'AUTO' && mappedRuleIds.length === 0) {
         unsupportedAutoRuleIds.add(compiledRule.id);
         continue;
@@ -596,5 +602,18 @@ export const loadSkillsRuleSetForStage = (
     mappedHeuristicRuleIds,
     requiresHeuristicFacts: mappedHeuristicRuleIds.size > 0,
     unsupportedAutoRuleIds: [...unsupportedAutoRuleIds].sort(),
+    registryCoverage: {
+      contract: 'AUTO_RUNTIME_RULES_FOR_STAGE',
+      stage,
+      registryTotals: {
+        total: registryRuleIds.size,
+        auto: registryAutoRuleIds.size,
+        declarative: registryDeclarativeRuleIds.size,
+      },
+      stageApplicableAutoRuleIds: [...stageApplicableAutoRuleIds].sort(),
+      declarativeRuleIds: [...registryDeclarativeRuleIds].sort(),
+      excludedDeclarativeReason:
+        'DECLARATIVE skills are registry contract/policy rules. They are not executed as PRE_COMMIT runtime detectors; only AUTO rules applicable to the current stage are evaluated.',
+    },
   };
 };

package/integrations/evidence/rulesCoverage.ts

@@ -34,6 +34,9 @@ export const createEmptySnapshotRulesCoverage = (
   stage: GateStage
 ): SnapshotRulesCoverage => ({
   stage,
+  contract: 'AUTO_RUNTIME_RULES_FOR_STAGE',
+  scope_note:
+    'No runtime rules were evaluated for this stage. DECLARATIVE registry rules are not runtime detectors.',
   active_rule_ids: [],
   evaluated_rule_ids: [],
   matched_rule_ids: [],
@@ -60,6 +63,11 @@ export const normalizeSnapshotRulesCoverage = (
   const matchedRuleIds = normalizeStringArray(value.matched_rule_ids);
   const unevaluatedRuleIds = normalizeStringArray(value.unevaluated_rule_ids);
   const unsupportedAutoRuleIds = normalizeStringArray(value.unsupported_auto_rule_ids ?? []);
+  const stageApplicableAutoRuleIds = normalizeStringArray(
+    value.stage_applicable_auto_rule_ids ?? []
+  );
+  const declarativeRuleIds = normalizeStringArray(value.declarative_rule_ids ?? []);
+  const registryTotals = value.registry_totals;
 
   const derivedCounts = {
     active: activeRuleIds.length,
@@ -83,6 +91,15 @@ export const normalizeSnapshotRulesCoverage = (
     ),
   };
 
+  if (registryTotals) {
+    counts.registry_total = normalizeCount(registryTotals.total);
+    counts.registry_auto = normalizeCount(registryTotals.auto);
+    counts.registry_declarative = normalizeCount(registryTotals.declarative);
+  }
+  if (stageApplicableAutoRuleIds.length > 0) {
+    counts.stage_applicable_auto = stageApplicableAutoRuleIds.length;
+  }
+
   if (unsupportedAutoCount > 0) {
     counts.unsupported_auto = unsupportedAutoCount;
   }
@@ -94,6 +111,10 @@ export const normalizeSnapshotRulesCoverage = (
 
   const normalized: SnapshotRulesCoverage = {
     stage,
+    contract: value.contract ?? 'AUTO_RUNTIME_RULES_FOR_STAGE',
+    scope_note:
+      value.scope_note ??
+      'rules_coverage reports AUTO runtime rules applicable to this stage, not total DECLARATIVE registry surface.',
     active_rule_ids: activeRuleIds,
     evaluated_rule_ids: evaluatedRuleIds,
     matched_rule_ids: matchedRuleIds,
@@ -102,6 +123,26 @@ export const normalizeSnapshotRulesCoverage = (
     coverage_ratio: coverageRatio,
   };
 
+  if (registryTotals) {
+    normalized.registry_totals = {
+      total: normalizeCount(registryTotals.total),
+      auto: normalizeCount(registryTotals.auto),
+      declarative: normalizeCount(registryTotals.declarative),
+    };
+  }
+
+  if (stageApplicableAutoRuleIds.length > 0) {
+    normalized.stage_applicable_auto_rule_ids = stageApplicableAutoRuleIds;
+  }
+
+  if (declarativeRuleIds.length > 0) {
+    normalized.declarative_rule_ids = declarativeRuleIds;
+  }
+
+  if (typeof value.declarative_excluded_reason === 'string') {
+    normalized.declarative_excluded_reason = value.declarative_excluded_reason;
+  }
+
   if (unsupportedAutoRuleIds.length > 0 || unsupportedAutoCount > 0) {
     normalized.unsupported_auto_rule_ids = unsupportedAutoRuleIds;
   }

package/integrations/evidence/schema.ts

@@ -47,16 +47,30 @@ export type SnapshotEvaluationMetrics = {
 
 export type SnapshotRulesCoverage = {
   stage: GateStage;
+  contract?: 'AUTO_RUNTIME_RULES_FOR_STAGE';
+  scope_note?: string;
   active_rule_ids: string[];
   evaluated_rule_ids: string[];
   matched_rule_ids: string[];
   unevaluated_rule_ids: string[];
   unsupported_auto_rule_ids?: string[];
+  registry_totals?: {
+    total: number;
+    auto: number;
+    declarative: number;
+  };
+  stage_applicable_auto_rule_ids?: string[];
+  declarative_rule_ids?: string[];
+  declarative_excluded_reason?: string;
   counts: {
     active: number;
     evaluated: number;
     matched: number;
     unevaluated: number;
+    registry_total?: number;
+    registry_auto?: number;
+    registry_declarative?: number;
+    stage_applicable_auto?: number;
     unsupported_auto?: number;
   };
   coverage_ratio: number;

package/integrations/git/runPlatformGate.ts

@@ -1115,10 +1115,24 @@ export async function runPlatformGate(params: {
   const rulesCoverage = coverage
     ? {
       stage: params.policy.stage,
+      contract: skillsRuleSet.registryCoverage?.contract ?? 'AUTO_RUNTIME_RULES_FOR_STAGE',
+      scope_note:
+        'rules_coverage reports AUTO runtime rules applicable to this stage; it does not claim full DECLARATIVE registry execution.',
       active_rule_ids: [...coverage.activeRuleIds],
       evaluated_rule_ids: [...coverage.evaluatedRuleIds],
       matched_rule_ids: [...coverage.matchedRuleIds],
       unevaluated_rule_ids: [...coverage.unevaluatedRuleIds],
+      ...(skillsRuleSet.registryCoverage
+        ? {
+          registry_totals: skillsRuleSet.registryCoverage.registryTotals,
+          stage_applicable_auto_rule_ids: [
+            ...skillsRuleSet.registryCoverage.stageApplicableAutoRuleIds,
+          ],
+          declarative_rule_ids: [...skillsRuleSet.registryCoverage.declarativeRuleIds],
+          declarative_excluded_reason:
+            skillsRuleSet.registryCoverage.excludedDeclarativeReason,
+        }
+        : {}),
       ...((skillsRuleSet.unsupportedAutoRuleIds?.length ?? 0) > 0
         ? {
           unsupported_auto_rule_ids: [...(skillsRuleSet.unsupportedAutoRuleIds ?? [])],
@@ -1129,6 +1143,16 @@ export async function runPlatformGate(params: {
         evaluated: coverage.evaluatedRuleIds.length,
         matched: coverage.matchedRuleIds.length,
         unevaluated: coverage.unevaluatedRuleIds.length,
+        ...(skillsRuleSet.registryCoverage
+          ? {
+            registry_total: skillsRuleSet.registryCoverage.registryTotals.total,
+            registry_auto: skillsRuleSet.registryCoverage.registryTotals.auto,
+            registry_declarative:
+              skillsRuleSet.registryCoverage.registryTotals.declarative,
+            stage_applicable_auto:
+              skillsRuleSet.registryCoverage.stageApplicableAutoRuleIds.length,
+          }
+          : {}),
         ...((skillsRuleSet.unsupportedAutoRuleIds?.length ?? 0) > 0
           ? {
             unsupported_auto: (skillsRuleSet.unsupportedAutoRuleIds ?? []).length,

package/integrations/lifecycle/audit.ts

@@ -1,5 +1,5 @@
 import { readEvidence } from '../evidence/readEvidence';
-import type { AiEvidenceV2_1, SnapshotFinding } from '../evidence/schema';
+import type { AiEvidenceV2_1, SnapshotFinding, SnapshotRulesCoverage } from '../evidence/schema';
 import { GitService, type IGitService } from '../git/GitService';
 import { hasAllowedExtension } from '../git/gitDiffUtils';
 import { runPlatformGate } from '../git/runPlatformGate';
@@ -31,6 +31,18 @@ export type LifecycleAuditResult = {
   snapshot_outcome: string | null;
   findings_count: number;
   blocking_findings_count: number;
+  rules_coverage: SnapshotRulesCoverage | null;
+  rule_id_normalization: {
+    contract: 'registry_or_declared_runtime_normalization';
+    registry_rule_ids_count: number;
+    finding_rule_ids_count: number;
+    entries: ReadonlyArray<{
+      runtime_rule_id: string;
+      registry_rule_id: string | null;
+      status: 'registry_1_to_1' | 'runtime_derived';
+      normalization: string;
+    }>;
+  };
   findings: ReadonlyArray<LifecycleAuditFinding>;
   policy_reconcile_hint: string;
 };
@@ -114,6 +126,39 @@ const extractAuditFindings = (params: {
   return [];
 };
 
+const buildRuleIdNormalization = (params: {
+  findings: ReadonlyArray<LifecycleAuditFinding>;
+  rulesCoverage: SnapshotRulesCoverage | undefined;
+}): LifecycleAuditResult['rule_id_normalization'] => {
+  const registryRuleIds = new Set([
+    ...(params.rulesCoverage?.stage_applicable_auto_rule_ids ?? []),
+    ...(params.rulesCoverage?.declarative_rule_ids ?? []),
+  ]);
+  const findingRuleIds = [...new Set(params.findings.map((finding) => finding.ruleId))].sort();
+  return {
+    contract: 'registry_or_declared_runtime_normalization',
+    registry_rule_ids_count: registryRuleIds.size,
+    finding_rule_ids_count: findingRuleIds.length,
+    entries: findingRuleIds.map((ruleId) => {
+      if (registryRuleIds.has(ruleId)) {
+        return {
+          runtime_rule_id: ruleId,
+          registry_rule_id: ruleId,
+          status: 'registry_1_to_1',
+          normalization: 'finding ruleId is an exact skills registry rule id',
+        };
+      }
+      return {
+        runtime_rule_id: ruleId,
+        registry_rule_id: null,
+        status: 'runtime_derived',
+        normalization:
+          'finding ruleId is emitted by baseline/runtime governance outside the skills registry; see rules_coverage for the AUTO skills scope evaluated at this stage',
+      };
+    }),
+  };
+};
+
 export const runLifecycleAudit = async (params: {
   stage: LifecycleAuditStage;
   auditMode: 'gate' | 'engine';
@@ -192,6 +237,11 @@ export const runLifecycleAudit = async (params: {
     snapshot_outcome: snapshotOutcome,
     findings_count: findings.length,
     blocking_findings_count: findings.filter((finding) => finding.blocking).length,
+    rules_coverage: evidence?.snapshot.rules_coverage ?? null,
+    rule_id_normalization: buildRuleIdNormalization({
+      findings,
+      rulesCoverage: evidence?.snapshot.rules_coverage,
+    }),
     findings,
     policy_reconcile_hint: POLICY_RECONCILE_HINT,
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.127",
+  "version": "6.3.128",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/scripts/framework-menu-consumer-actions-lib.ts

@@ -61,7 +61,7 @@ export const createConsumerLegacyMenuActions = (
     },
     {
       id: '14',
-      label: 'Engine audit · FULL tracked repo (no preflight · PRE_COMMIT)',
+      label: 'Engine audit · tracked repo files (AUTO runtime rules · PRE_COMMIT)',
       execute: params.runEngineFullRepoNoPreflight,
     },
     {