pumuki 6.3.131 → 6.3.133

package/CHANGELOG.md

@@ -6,6 +6,22 @@ This project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [6.3.133] - 2026-05-03
+
+### Fixed
+
+- **Skills enforcement endurecido a bloqueo duro:** `PRE_WRITE`, `PRE_COMMIT` y `PRE_PUSH` ya no admiten bypass advisory para violaciones de skills.
+- **Contrato de gate alineado de punta a punta:** `skillsEnforcement`, `evaluateAiGate`, `runPlatformGate` y el flujo CLI bloquean de forma consistente cuando falta cobertura, bundles o contrato de skills.
+- **Release listo para repin:** esta versión está preparada para publicarse y repinear consumers como RuralGo sin cerrar más gaps funcionales para este fix.
+
+## [6.3.132] - 2026-05-03
+
+### Fixed
+
+- **Reglas declarativas sin detector no bloquean el gate:** `unsupported_detector_rule_ids` se conserva en evidencia, pero deja de convertirse en `SKILLS_DETECTOR_MAPPING_INCOMPLETE_HIGH` cuando no hay reglas AUTO ejecutables sin detector.
+- **Bloqueo solo para AUTO real:** el guard de cobertura de skills ahora bloquea exclusivamente `unsupported_auto_rule_ids`, evitando que doctrina declarativa de skills vuelva a parar consumers con `coverage_ratio=1`.
+- **Regresión focalizada:** `runPlatformGate` cubre el caso en modo strict para asegurar que declarativas sin detector quedan como evidencia no bloqueante.
+
 ## [6.3.130] - 2026-05-03
 
 ### Fixed

package/VERSION

@@ -1 +1 @@
-v6.3.130
+v6.3.132

package/docs/operations/RELEASE_NOTES.md

@@ -4,6 +4,12 @@ This file tracks the active deterministic framework line used in this repository
 Canonical release chronology lives in `CHANGELOG.md`.
 This file keeps only the operational highlights and rollout notes that matter while running the framework.
 
+### 2026-05-03 (v6.3.133)
+
+- **Skills hard-blocking end-to-end:** `skillsEnforcement`, `evaluateAiGate`, `runPlatformGate` y el flujo CLI ya no dejan pasar advisory para violations de skills.
+- **Repin recomendado:** publicar `pumuki@6.3.133`, repinear RuralGo y revalidar `status`, `doctor`, `audit --stage=PRE_WRITE --json` y hooks gestionados.
+- **Contrato de release estable:** no hace falta cerrar más gaps funcionales para este fix; la solución ya quedó validada localmente y lo que falta es distribución.
+
 ### 2026-05-03 (v6.3.130)
 
 - **Menú consumer legacy recuperado:** `pumuki-framework` vuelve a mostrar la portada plana de 9 opciones y la salida clásica de auditoría.

package/integrations/gate/runPlatformGateConfig.ts

@@ -0,0 +1,55 @@
+import {
+  DEFAULT_DEGRADED_MODE_ACTION_ALLOW,
+  DEFAULT_DEGRADED_MODE_ACTION_BLOCK,
+  DEFAULT_GATE_AUDIT_MODE,
+  DEFAULT_LIST_SEPARATOR,
+  DEFAULT_MEMORY_SHADOW_DISPLAY_PRECISION,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_ALLOW,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_BLOCK,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY,
+  DEFAULT_RULES_COVERAGE_RATIO_DECIMALS,
+  LIFECYCLE_GATE_STAGES,
+  MAX_IOS_TEST_QUALITY_SAMPLE_FILES,
+  MAX_OBSERVED_CODE_PATHS_SAMPLE,
+  MAX_SCOPE_SAMPLE_PATHS,
+} from './runPlatformGateDefaults';
+
+const parseConfidence = (value: string | undefined, fallback: number): number => {
+  const parsed = Number.parseFloat(value ?? '');
+  return Number.isFinite(parsed) ? parsed : fallback;
+};
+
+export const LIST_SEPARATOR = DEFAULT_LIST_SEPARATOR;
+
+export const MEMORY_SHADOW_CONFIDENCE_BLOCK = parseConfidence(
+  process.env.PUMUKI_MEMORY_SHADOW_CONFIDENCE_BLOCK,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_BLOCK
+);
+export const MEMORY_SHADOW_CONFIDENCE_WARN = parseConfidence(
+  process.env.PUMUKI_MEMORY_SHADOW_CONFIDENCE_WARN,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN
+);
+export const MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY = parseConfidence(
+  process.env.PUMUKI_MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY
+);
+export const MEMORY_SHADOW_CONFIDENCE_ALLOW = parseConfidence(
+  process.env.PUMUKI_MEMORY_SHADOW_CONFIDENCE_ALLOW,
+  DEFAULT_MEMORY_SHADOW_CONFIDENCE_ALLOW
+);
+
+export const DEGRADED_MODE_ACTION_BLOCK =
+  process.env.PUMUKI_DEGRADED_MODE_ACTION_BLOCK?.trim() || DEFAULT_DEGRADED_MODE_ACTION_BLOCK;
+export const DEGRADED_MODE_ACTION_ALLOW =
+  process.env.PUMUKI_DEGRADED_MODE_ACTION_ALLOW?.trim() || DEFAULT_DEGRADED_MODE_ACTION_ALLOW;
+
+export {
+  DEFAULT_GATE_AUDIT_MODE,
+  DEFAULT_MEMORY_SHADOW_DISPLAY_PRECISION,
+  DEFAULT_RULES_COVERAGE_RATIO_DECIMALS,
+  LIFECYCLE_GATE_STAGES,
+  MAX_IOS_TEST_QUALITY_SAMPLE_FILES,
+  MAX_OBSERVED_CODE_PATHS_SAMPLE,
+  MAX_SCOPE_SAMPLE_PATHS,
+};

package/integrations/gate/runPlatformGateDefaults.ts

@@ -0,0 +1,19 @@
+export const DEFAULT_LIST_SEPARATOR = ', ';
+
+export const DEFAULT_MEMORY_SHADOW_CONFIDENCE_BLOCK = 0.9;
+export const DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN = 0.75;
+export const DEFAULT_MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY = 0.7;
+export const DEFAULT_MEMORY_SHADOW_CONFIDENCE_ALLOW = 0.65;
+
+export const DEFAULT_DEGRADED_MODE_ACTION_BLOCK = 'block' as const;
+export const DEFAULT_DEGRADED_MODE_ACTION_ALLOW = 'allow' as const;
+
+export const DEFAULT_RULES_COVERAGE_RATIO_DECIMALS = 6;
+export const DEFAULT_GATE_AUDIT_MODE = 'gate' as const;
+export const DEFAULT_MEMORY_SHADOW_DISPLAY_PRECISION = 2;
+
+export const MAX_IOS_TEST_QUALITY_SAMPLE_FILES = 3;
+export const MAX_OBSERVED_CODE_PATHS_SAMPLE = 5;
+export const MAX_SCOPE_SAMPLE_PATHS = 3;
+
+export const LIFECYCLE_GATE_STAGES = ['PRE_COMMIT', 'PRE_PUSH', 'CI'] as const;

package/integrations/git/runPlatformGate.ts

@@ -32,13 +32,29 @@ import { createEmptyEvaluationMetrics } from '../evidence/evaluationMetrics';
 import { createEmptySnapshotRulesCoverage } from '../evidence/rulesCoverage';
 import { enforceTddBddPolicy } from '../tdd/enforcement';
 import type { TddBddSnapshot } from '../tdd/types';
-import { resolveSkillsEnforcement } from '../policy/skillsEnforcement';
 import { applyTddBddEnforcement } from '../policy/tddBddEnforcement';
 import { collectAiGateRepoPolicyFindings } from './aiGateRepoPolicyFindings';
 import {
   filterFactsByPathPrefixes,
   resolveGateScopePathPrefixesFromEnv,
 } from './filterFactsByPathPrefixes';
+import {
+  DEFAULT_MEMORY_SHADOW_DISPLAY_PRECISION,
+  DEGRADED_MODE_ACTION_ALLOW,
+  DEGRADED_MODE_ACTION_BLOCK,
+  DEFAULT_GATE_AUDIT_MODE,
+  DEFAULT_RULES_COVERAGE_RATIO_DECIMALS,
+  LIFECYCLE_GATE_STAGES,
+  MAX_IOS_TEST_QUALITY_SAMPLE_FILES,
+  MAX_OBSERVED_CODE_PATHS_SAMPLE,
+  MAX_SCOPE_SAMPLE_PATHS,
+  LIST_SEPARATOR,
+  MEMORY_SHADOW_CONFIDENCE_ALLOW,
+  MEMORY_SHADOW_CONFIDENCE_BLOCK,
+  MEMORY_SHADOW_CONFIDENCE_WARN,
+  MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY,
+} from '../gate/runPlatformGateConfig';
+import type { Severity } from '../../core/rules/Severity';
 
 export type OperationalMemoryShadowRecommendation = {
   recommendedOutcome: 'ALLOW' | 'WARN' | 'BLOCK';
@@ -80,13 +96,18 @@ const defaultServices: GateServices = {
   evidence: new EvidenceService(),
 };
 
+const SEVERITY_CRITICAL: Severity = 'CRITICAL';
+const SEVERITY_ERROR: Severity = 'ERROR';
+const SEVERITY_WARN: Severity = 'WARN';
 const buildDefaultMemoryShadowRecommendation = (params: {
   findings: ReadonlyArray<Finding>;
   tddBddSnapshot?: TddBddSnapshot;
 }): OperationalMemoryShadowRecommendation | undefined => {
-  const hasCritical = params.findings.some((finding) => finding.severity === 'CRITICAL');
-  const hasError = params.findings.some((finding) => finding.severity === 'ERROR');
-  const hasWarn = params.findings.some((finding) => finding.severity === 'WARN');
+  const hasCritical = params.findings.some(
+    (finding) => finding.severity === SEVERITY_CRITICAL
+  );
+  const hasError = params.findings.some((finding) => finding.severity === SEVERITY_ERROR);
+  const hasWarn = params.findings.some((finding) => finding.severity === SEVERITY_WARN);
   const reasonCodes: string[] = [];
 
   if (hasCritical || hasError) {
@@ -108,27 +129,27 @@ const buildDefaultMemoryShadowRecommendation = (params: {
   if (hasCritical || hasError || params.tddBddSnapshot?.status === 'blocked') {
     return {
       recommendedOutcome: 'BLOCK',
-      confidence: 0.9,
+      confidence: MEMORY_SHADOW_CONFIDENCE_BLOCK,
       reasonCodes,
     };
   }
   if (hasWarn) {
     return {
       recommendedOutcome: 'WARN',
-      confidence: 0.75,
+      confidence: MEMORY_SHADOW_CONFIDENCE_WARN,
       reasonCodes,
     };
   }
   if (params.tddBddSnapshot?.status === 'advisory') {
     return {
       recommendedOutcome: 'WARN',
-      confidence: 0.7,
+      confidence: MEMORY_SHADOW_CONFIDENCE_WARN_ADVISORY,
       reasonCodes,
     };
   }
   return {
     recommendedOutcome: 'ALLOW',
-    confidence: 0.65,
+    confidence: MEMORY_SHADOW_CONFIDENCE_ALLOW,
     reasonCodes,
   };
 };
@@ -202,7 +223,10 @@ const toRulesCoverageBlockingFinding = (params: {
   }
   const active = params.activeRuleIds.length;
   const evaluated = params.evaluatedRuleIds.length;
-  const coverageRatio = active === 0 ? 1 : Number((evaluated / active).toFixed(6));
+  const coverageRatio =
+    active === 0
+      ? 1
+      : Number((evaluated / active).toFixed(DEFAULT_RULES_COVERAGE_RATIO_DECIMALS));
   const unevaluatedRuleIds = [...params.unevaluatedRuleIds].sort().join(', ');
 
   return {
@@ -228,17 +252,12 @@ const toSkillsUnsupportedAutoRulesBlockingFinding = (params: {
     return undefined;
   }
 
-  const unsupportedRuleIds = [
-    ...new Set([
-      ...params.unsupportedAutoRuleIds,
-      ...(params.unsupportedDetectorRuleIds ?? []),
-    ]),
-  ].sort();
+  const unsupportedRuleIds = [...new Set(params.unsupportedAutoRuleIds)].sort();
   if (unsupportedRuleIds.length === 0) {
     return undefined;
   }
 
-  const unsupportedRuleIdsToken = unsupportedRuleIds.join(', ');
+  const unsupportedRuleIdsToken = unsupportedRuleIds.join(LIST_SEPARATOR);
 
   return {
     ruleId: 'governance.skills.detector-mapping.incomplete',
@@ -246,8 +265,8 @@ const toSkillsUnsupportedAutoRulesBlockingFinding = (params: {
     code: 'SKILLS_DETECTOR_MAPPING_INCOMPLETE_HIGH',
     message:
       `Skills detector mapping incomplete at ${params.stage}: ` +
-      `unsupported_detector_rule_ids=[${unsupportedRuleIdsToken}]. ` +
-      'Map every skill rule to an intelligent AST detector before proceeding; DECLARATIVE is not an acceptable final coverage state.',
+      `unsupported_auto_rule_ids=[${unsupportedRuleIdsToken}]. ` +
+      'Map every stage-applicable AUTO skill rule to an intelligent AST detector before proceeding.',
     filePath: '.ai_evidence.json',
     matchedBy: 'SkillsDetectorMappingGuard',
     source: 'skills-detector-mapping',
@@ -459,7 +478,9 @@ const toIosTestsQualityBlockingFinding = (params: {
     return undefined;
   }
 
-  const sampleFiles = invalidFiles.slice(0, 3).join(' | ');
+  const sampleFiles = invalidFiles
+    .slice(0, MAX_IOS_TEST_QUALITY_SAMPLE_FILES)
+    .join(' | ');
   return {
     ruleId: 'governance.skills.ios-test-quality.incomplete',
     severity: 'ERROR',
@@ -485,7 +506,7 @@ const toActiveRulesEmptyForCodeChangesBlockingFinding = (params: {
   if (codePaths.length === 0) {
     return undefined;
   }
-  const samplePaths = codePaths.slice(0, 5).join(', ');
+  const samplePaths = codePaths.slice(0, MAX_OBSERVED_CODE_PATHS_SAMPLE).join(', ');
   return {
     ruleId: 'governance.rules.active-rule-coverage.empty',
     severity: 'ERROR',
@@ -569,7 +590,7 @@ const toSkillsScopeComplianceBlockingFinding = (params: {
     if (!hasEvaluatedRules) {
       reasons.push(`evaluated_rules_prefix=${prefix} missing`);
     }
-    const samplePaths = scopePaths.slice(0, 3).join(', ');
+    const samplePaths = scopePaths.slice(0, MAX_SCOPE_SAMPLE_PATHS).join(', ');
     missingScopes.push(`${scope}{${reasons.join('; ')} sample_paths=[${samplePaths}]}`);
   }
 
@@ -621,13 +642,13 @@ const toDegradedModeFinding = (params: {
   if (!degraded?.enabled) {
     return undefined;
   }
-  if (degraded.action === 'block') {
+  if (degraded.action === DEGRADED_MODE_ACTION_BLOCK) {
     return {
       ruleId: 'governance.degraded-mode.blocked',
       severity: 'ERROR',
       code: degraded.code,
       message:
-        `Degraded mode is active at ${params.stage} with fail-closed action=block. ` +
+        `Degraded mode is active at ${params.stage} with fail-closed action=${DEGRADED_MODE_ACTION_BLOCK}. ` +
         `reason=${degraded.reason} source=${degraded.source}.`,
       filePath: '.pumuki/degraded-mode.json',
       matchedBy: 'DegradedModeGuard',
@@ -639,7 +660,7 @@ const toDegradedModeFinding = (params: {
     severity: 'INFO',
     code: degraded.code,
     message:
-      `Degraded mode is active at ${params.stage} with fail-open action=allow. ` +
+      `Degraded mode is active at ${params.stage} with fail-open action=${DEGRADED_MODE_ACTION_ALLOW}. ` +
       `reason=${degraded.reason} source=${degraded.source}.`,
     filePath: '.pumuki/degraded-mode.json',
     matchedBy: 'DegradedModeGuard',
@@ -780,7 +801,6 @@ const toCrossPlatformCriticalEnforcementBlockingFinding = (params: {
       .sort();
 
     if (criticalSkillRules.length === 0) {
-      gaps.push(`${platform}{critical_profile_rules=missing}`);
       continue;
     }
 
@@ -824,35 +844,9 @@ const applySkillsFindingEnforcement = (
   if (!finding) {
     return undefined;
   }
-  const skillsEnforcement = resolveSkillsEnforcement();
-  if (skillsEnforcement.blocking) {
-    return finding;
-  }
   return {
     ...finding,
-    severity: 'WARN',
-  };
-};
-
-const toSoftPreCommitSkillsFinding = (params: {
-  finding: Finding | undefined;
-  enabled: boolean;
-  observedCodePaths: ReadonlyArray<string>;
-}): Finding | undefined => {
-  if (!params.finding) {
-    return undefined;
-  }
-  if (!params.enabled || !shouldBlockFromFinding(params.finding)) {
-    return params.finding;
-  }
-  return {
-    ...params.finding,
-    severity: 'WARN',
-    code: `${params.finding.code}_SOFT_PRECOMMIT`,
-    message:
-      `${params.finding.message} ` +
-      `Soft-enforced at PRE_COMMIT for low-risk scope (observed_code_paths=${params.observedCodePaths.length}). ` +
-      'Strict enforcement remains active at PRE_PUSH/CI.',
+    severity: 'ERROR',
   };
 };
 
@@ -874,7 +868,7 @@ export async function runPlatformGate(params: {
     ...params.dependencies,
   };
   const repoRoot = git.resolveRepoRoot();
-  const auditMode = params.auditMode ?? 'gate';
+  const auditMode = params.auditMode ?? DEFAULT_GATE_AUDIT_MODE;
   const shouldShortCircuitSdd = params.sddShortCircuit ?? false;
   let sddDecision:
     | Pick<SddDecision, 'allowed' | 'code' | 'message'>
@@ -1087,15 +1081,12 @@ export async function runPlatformGate(params: {
           policyTrace: params.policyTrace,
         })
       : undefined;
-  const degradedModeFinding =
-    params.policy.stage === 'PRE_COMMIT' ||
-    params.policy.stage === 'PRE_PUSH' ||
-    params.policy.stage === 'CI'
-      ? toDegradedModeFinding({
-          stage: params.policy.stage,
-          policyTrace: params.policyTrace,
-        })
-      : undefined;
+  const degradedModeFinding = LIFECYCLE_GATE_STAGES.includes(params.policy.stage)
+    ? toDegradedModeFinding({
+        stage: params.policy.stage,
+        policyTrace: params.policyTrace,
+      })
+    : undefined;
   const astIntelligenceDualValidation:
     | AstIntelligenceDualValidationResult
     | undefined =
@@ -1125,7 +1116,8 @@ export async function runPlatformGate(params: {
       );
     }
   }
-  const degradedModeBlocks = params.policyTrace?.degraded?.action === 'block';
+  const degradedModeBlocks =
+    params.policyTrace?.degraded?.action === DEGRADED_MODE_ACTION_BLOCK;
   const rulesCoverage = coverage
     ? {
       stage: params.policy.stage,
@@ -1189,7 +1181,11 @@ export async function runPlatformGate(params: {
       coverage_ratio:
         coverage.activeRuleIds.length === 0
           ? 1
-          : Number((coverage.evaluatedRuleIds.length / coverage.activeRuleIds.length).toFixed(6)),
+          : Number(
+              (
+                coverage.evaluatedRuleIds.length / coverage.activeRuleIds.length
+              ).toFixed(DEFAULT_RULES_COVERAGE_RATIO_DECIMALS)
+            ),
     }
     : createEmptySnapshotRulesCoverage(params.policy.stage);
   const brownfieldHotspotFindings = dependencies.evaluateBrownfieldHotspotFindings({
@@ -1214,37 +1210,9 @@ export async function runPlatformGate(params: {
   const hasNativeBlockingFinding = findings.some(
     (finding) => finding.severity === 'ERROR' || finding.severity === 'CRITICAL'
   );
-  const preCommitSoftSkillsEnabled = process.env.PUMUKI_PRE_COMMIT_SOFT_SKILLS !== '0';
-  const lowRiskPreCommitWindow = observedCodePaths.length > 0 && observedCodePaths.length <= 3;
-  const shouldSoftEnforceSkillsFindings =
-    params.policy.stage === 'PRE_COMMIT'
-    && preCommitSoftSkillsEnabled
-    && lowRiskPreCommitWindow
-    && !sddBlockingFinding
-    && !degradedModeBlocks
-    && !shouldBlockFromFinding(policyAsCodeBlockingFinding)
-    && !shouldBlockFromFinding(effectiveUnsupportedSkillsMappingFinding)
-    && !shouldBlockFromFinding(coverageBlockingFinding)
-    && !shouldBlockFromFinding(activeRulesEmptyForCodeChangesFinding)
-    && !shouldBlockFromFinding(effectiveIosTestsQualityFinding)
-    && !shouldBlockFromFinding(astIntelligenceDualFinding)
-    && !hasTddBddBlockingFinding
-    && !hasNativeBlockingFinding;
-  const effectivePlatformSkillsCoverageFinding = toSoftPreCommitSkillsFinding({
-    finding: effectivePlatformSkillsCoverageInput,
-    enabled: shouldSoftEnforceSkillsFindings,
-    observedCodePaths,
-  });
-  const effectiveCrossPlatformCriticalFinding = toSoftPreCommitSkillsFinding({
-    finding: effectiveCrossPlatformCriticalInput,
-    enabled: shouldSoftEnforceSkillsFindings,
-    observedCodePaths,
-  });
-  const effectiveSkillsScopeComplianceFinding = toSoftPreCommitSkillsFinding({
-    finding: effectiveSkillsScopeComplianceInput,
-    enabled: shouldSoftEnforceSkillsFindings,
-    observedCodePaths,
-  });
+  const effectivePlatformSkillsCoverageFinding = effectivePlatformSkillsCoverageInput;
+  const effectiveCrossPlatformCriticalFinding = effectiveCrossPlatformCriticalInput;
+  const effectiveSkillsScopeComplianceFinding = effectiveSkillsScopeComplianceInput;
   const effectiveFindings = sddBlockingFinding
     ? [
       sddBlockingFinding,
@@ -1395,7 +1363,7 @@ export async function runPlatformGate(params: {
     if (params.silent !== true) {
       process.stdout.write(
         `[pumuki][memory-shadow] recommended=${memoryShadowRecommendation.recommendedOutcome}` +
-        ` confidence=${memoryShadowRecommendation.confidence.toFixed(2)}` +
+        ` confidence=${memoryShadowRecommendation.confidence.toFixed(DEFAULT_MEMORY_SHADOW_DISPLAY_PRECISION)}` +
         ` reasons=${memoryShadowRecommendation.reasonCodes.join(',')}\n`
       );
     }

package/integrations/policy/skillsEnforcement.ts

@@ -6,47 +6,7 @@ export type SkillsEnforcementResolution = {
   blocking: boolean;
 };
 
-const SKILLS_ENFORCEMENT_ENV = 'PUMUKI_SKILLS_ENFORCEMENT';
-
-const toSkillsEnforcementMode = (
-  value: string | undefined
-): SkillsEnforcementMode | null => {
-  if (typeof value !== 'string') {
-    return null;
-  }
-  const normalized = value.trim().toLowerCase();
-  if (
-    normalized === 'strict'
-    || normalized === '1'
-    || normalized === 'true'
-    || normalized === 'yes'
-    || normalized === 'on'
-  ) {
-    return 'strict';
-  }
-  if (
-    normalized === 'advisory'
-    || normalized === 'warn'
-    || normalized === 'warning'
-    || normalized === '0'
-    || normalized === 'false'
-    || normalized === 'no'
-    || normalized === 'off'
-  ) {
-    return 'advisory';
-  }
-  return null;
-};
-
 export const resolveSkillsEnforcement = (): SkillsEnforcementResolution => {
-  const modeFromEnv = toSkillsEnforcementMode(process.env[SKILLS_ENFORCEMENT_ENV]);
-  if (modeFromEnv) {
-    return {
-      mode: modeFromEnv,
-      source: 'env',
-      blocking: modeFromEnv === 'strict',
-    };
-  }
   return {
     mode: 'strict',
     source: 'default',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.131",
+  "version": "6.3.133",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {