pumuki 6.3.140 → 6.3.142

package/CHANGELOG.md

@@ -6,6 +6,19 @@ This project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [6.3.142] - 2026-05-05
+
+### Fixed
+
+- **PUMUKI-INC-059 iOS SOLID en PRE_WRITE:** la skill iOS `Verificar que NO viole SOLID (SRP, OCP, LSP, ISP, DIP)` se normaliza al id canónico `skills.ios.no-solid-violations` y al alias real del lock legacy, activa los nodos AST OCP/SRP/DIP/ISP/LSP y bloquea desde `PRE_WRITE` sin depender de `PUMUKI_ENABLE_AST_HEURISTICS`.
+- **Skills hard-blocking multi-stage:** `no-solid-violations` se promueve a bloqueo desde `PRE_WRITE`, `PRE_COMMIT`, `PRE_PUSH` y `CI`, evitando que una violación iOS OCP/SRP llegue a disco o al commit.
+
+## [6.3.141] - 2026-05-05
+
+### Fixed
+
+- **PRE_PUSH en ramas actualizadas desde base:** el guard de atomicidad ignora commits heredados de `main`/`develop` y commits merge al validar trazabilidad y límites por commit, evitando bloqueos falsos en rollouts que solo resolvieron conflictos con la rama base.
+
 ## [6.3.140] - 2026-05-05
 
 ### Fixed

package/core/facts/detectors/typescript/index.test.ts

@@ -4248,6 +4248,34 @@ test('hasHardcodedValuePattern detecta literals de configuracion y omite valores
   assert.equal(hasHardcodedValuePattern(neutralLiteralAst), false);
 });
 
+test('hasHardcodedValuePattern no bloquea tokens internos de metadata AST', () => {
+  const astNodeTokenAst = {
+    type: 'VariableDeclarator',
+    id: { type: 'Identifier', name: 'astNodeToken' },
+    init: {
+      type: 'StringLiteral',
+      value: 'none',
+      loc: { start: { line: 4 }, end: { line: 4 } },
+    },
+    loc: { start: { line: 4 }, end: { line: 4 } },
+  };
+  const astNodesTokenAst = {
+    type: 'VariableDeclarator',
+    id: { type: 'Identifier', name: 'astNodesToken' },
+    init: {
+      type: 'StringLiteral',
+      value: 'none',
+      loc: { start: { line: 8 }, end: { line: 8 } },
+    },
+    loc: { start: { line: 8 }, end: { line: 8 } },
+  };
+
+  assert.equal(hasHardcodedValuePattern(astNodeTokenAst), false);
+  assert.equal(findHardcodedValuePatternMatch(astNodeTokenAst), undefined);
+  assert.equal(hasHardcodedValuePattern(astNodesTokenAst), false);
+  assert.equal(findHardcodedValuePatternMatch(astNodesTokenAst), undefined);
+});
+
 test('hasHardcodedValuePattern usa tokens exactos y no subcadenas accidentales', () => {
   const reportFunctionAst = {
     type: 'FunctionDeclaration',

package/core/facts/detectors/typescript/index.ts

@@ -4908,6 +4908,10 @@ const isBenignConfigMetadataName = (value: string): boolean => {
   if (normalized.length === 0) {
     return true;
   }
+  const tokenSet = new Set(identifierNameTokens(normalized));
+  if (tokenSet.has('ast') && (tokenSet.has('node') || tokenSet.has('nodes')) && tokenSet.has('token')) {
+    return true;
+  }
   if (
     normalized.startsWith('skills.') ||
     normalized.startsWith('heuristics.') ||

package/core/rules/presets/iosEnterpriseRuleSet.test.ts

@@ -33,6 +33,11 @@ test('iosEnterpriseRuleSet define reglas locked para plataforma ios', () => {
   assert.equal(byId.get('ios.solid.isp.fat-protocol-dependency')?.when.kind, 'Heuristic');
   assert.equal(byId.get('ios.solid.lsp.narrowed-precondition-substitution')?.when.kind, 'Heuristic');
   assert.equal(byId.get('ios.solid.srp.presentation-mixed-responsibilities')?.when.kind, 'Heuristic');
+  assert.equal(byId.get('ios.solid.ocp.discriminator-switch-branching')?.stage, 'PRE_WRITE');
+  assert.equal(byId.get('ios.solid.dip.concrete-framework-dependency')?.stage, 'PRE_WRITE');
+  assert.equal(byId.get('ios.solid.isp.fat-protocol-dependency')?.stage, 'PRE_WRITE');
+  assert.equal(byId.get('ios.solid.lsp.narrowed-precondition-substitution')?.stage, 'PRE_WRITE');
+  assert.equal(byId.get('ios.solid.srp.presentation-mixed-responsibilities')?.stage, 'PRE_WRITE');
   assert.equal(byId.get('ios.canary-001.presentation-mixed-responsibilities')?.when.kind, 'Heuristic');
   assert.equal(byId.get('ios.tdd.domain-changes-require-tests')?.when.kind, 'All');
   assert.equal(byId.get('ios.no-completion-handlers-outside-bridges')?.when.kind, 'Heuristic');

package/core/rules/presets/iosEnterpriseRuleSet.ts

@@ -44,7 +44,7 @@ export const iosEnterpriseRuleSet: RuleSet = [
       'Blocks iOS application or presentation types that must be modified to support new discriminator cases instead of extending behavior through abstractions.',
     severity: 'CRITICAL',
     platform: 'ios',
-    stage: 'PRE_COMMIT',
+    stage: 'PRE_WRITE',
     locked: true,
     scope: {
       include: ['**/*.swift'],
@@ -70,7 +70,7 @@ export const iosEnterpriseRuleSet: RuleSet = [
       'Blocks iOS application or presentation types that depend directly on concrete framework services instead of abstractions.',
     severity: 'CRITICAL',
     platform: 'ios',
-    stage: 'PRE_COMMIT',
+    stage: 'PRE_WRITE',
     locked: true,
     scope: {
       include: ['**/*.swift'],
@@ -96,7 +96,7 @@ export const iosEnterpriseRuleSet: RuleSet = [
       'Blocks iOS application or presentation types that depend on fat protocols instead of a minimal port tailored to the members they actually use.',
     severity: 'CRITICAL',
     platform: 'ios',
-    stage: 'PRE_COMMIT',
+    stage: 'PRE_WRITE',
     locked: true,
     scope: {
       include: ['**/*.swift'],
@@ -122,7 +122,7 @@ export const iosEnterpriseRuleSet: RuleSet = [
       'Blocks iOS application or presentation types whose subtype narrows the contract preconditions and becomes unsafe to substitute for the base protocol or abstraction.',
     severity: 'CRITICAL',
     platform: 'ios',
-    stage: 'PRE_COMMIT',
+    stage: 'PRE_WRITE',
     locked: true,
     scope: {
       include: ['**/*.swift'],
@@ -148,7 +148,7 @@ export const iosEnterpriseRuleSet: RuleSet = [
       'Blocks iOS presentation types that mix session, networking, persistence and navigation responsibilities in the same semantic node.',
     severity: 'CRITICAL',
     platform: 'ios',
-    stage: 'PRE_COMMIT',
+    stage: 'PRE_WRITE',
     locked: true,
     scope: {
       include: ['**/*.swift'],

package/docs/operations/RELEASE_NOTES.md

@@ -4,6 +4,18 @@ This file tracks the active deterministic framework line used in this repository
 Canonical release chronology lives in `CHANGELOG.md`.
 This file keeps only the operational highlights and rollout notes that matter while running the framework.
 
+### 2026-05-05 (v6.3.142)
+
+- **RuralGo PUMUKI-INC-059:** PRE_WRITE vuelve a pedir hechos AST para iOS SOLID aunque el flag experimental de heurísticas esté apagado.
+- **OCP/SRP iOS bloqueante temprano:** `skills.ios.no-solid-violations` y el id real legacy del lock se vinculan a OCP/SRP/DIP/ISP/LSP; los findings se promueven a `ERROR` desde PRE_WRITE.
+- **Rollout:** publicar `pumuki@6.3.142`, repinear primero RuralGo y revalidar `status`, `doctor` y un canary OCP iOS en PRE_WRITE/PRE_COMMIT.
+
+### 2026-05-05 (v6.3.141)
+
+- **PRE_PUSH sin falso bloqueo por historial base:** ramas de rollout que integran `main`/`develop` dejan de fallar por commits merge heredados como `Merge pull request ...`.
+- **Flux/SAAS follow-up:** esta patch desbloquea el push de las resoluciones de conflicto de los PRs de repin abiertos tras `6.3.140`.
+- **Rollout:** publicar `pumuki@6.3.141`, repinear primero RuralGo y repetir Flux/SAAS sin bypass.
+
 ### 2026-05-05 (v6.3.140)
 
 - **PRE_PUSH compatible con ramas largas:** la atomicidad se valida por commit individual, no por diff agregado de rama.

package/integrations/config/skillsDetectorRegistry.ts

@@ -160,6 +160,21 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.core-data.nsmanagedobject-state-leak',
     ['heuristics.ios.core-data.nsmanagedobject-state-leak.ast']
   ),
+  'skills.ios.no-solid-violations': heuristicDetector('ios.solid', [
+    'heuristics.ios.solid.srp.presentation-mixed-responsibilities.ast',
+    'heuristics.ios.solid.dip.concrete-framework-dependency.ast',
+    'heuristics.ios.solid.ocp.discriminator-switch.ast',
+    'heuristics.ios.solid.isp.fat-protocol-dependency.ast',
+    'heuristics.ios.solid.lsp.narrowed-precondition.ast',
+  ]),
+  'skills.ios.guideline.ios.verificar-que-no-viole-solid-srp-ocp-lsp-isp-dip':
+    heuristicDetector('ios.solid', [
+      'heuristics.ios.solid.srp.presentation-mixed-responsibilities.ast',
+      'heuristics.ios.solid.dip.concrete-framework-dependency.ast',
+      'heuristics.ios.solid.ocp.discriminator-switch.ast',
+      'heuristics.ios.solid.isp.fat-protocol-dependency.ast',
+      'heuristics.ios.solid.lsp.narrowed-precondition.ast',
+    ]),
   'skills.android.no-solid-violations': heuristicDetector('android.solid', [
     'heuristics.android.solid.srp.presentation-mixed-responsibilities.ast',
     'heuristics.android.solid.dip.concrete-framework-dependency.ast',

package/integrations/config/skillsMarkdownRules.ts

@@ -90,6 +90,8 @@ const inferRuleStage = (raw: string): SkillsStage | undefined => {
 };
 
 const KNOWN_RULE_DEFAULT_STAGE: Readonly<Record<string, SkillsStage>> = {
+  'skills.ios.no-solid-violations': 'PRE_WRITE',
+  'skills.ios.guideline.ios.verificar-que-no-viole-solid-srp-ocp-lsp-isp-dip': 'PRE_WRITE',
   'skills.backend.no-solid-violations': 'PRE_PUSH',
   'skills.frontend.no-solid-violations': 'PRE_PUSH',
   'skills.backend.enforce-clean-architecture': 'PRE_PUSH',
@@ -275,8 +277,27 @@ const normalizeKnownRuleTarget = (
   normalizedDescription: string
 ): string | null => {
   const includes = (needle: string): boolean => normalizedDescription.includes(needle);
+  const hasWord = (needle: string): boolean =>
+    new RegExp(`(^|\\s)${needle.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}(\\s|$)`).test(
+      normalizedDescription
+    );
 
   if (platform === 'ios') {
+    if (
+      includes('solid') ||
+      includes('single responsibility') ||
+      hasWord('srp') ||
+      hasWord('ocp') ||
+      hasWord('lsp') ||
+      hasWord('isp') ||
+      hasWord('dip') ||
+      includes('open closed') ||
+      includes('open-closed') ||
+      includes('verificar que no viole solid') ||
+      includes('no viole solid')
+    ) {
+      return 'skills.ios.no-solid-violations';
+    }
     if (
       includes('force unwrap') ||
       includes('force unwrapping') ||

package/integrations/config/skillsRuleSet.ts

@@ -369,7 +369,10 @@ const resolveRuleSeverity = (params: {
   const promotedRuleIds = params.bundlePolicy?.promoteToErrorRuleIds ?? [];
   const shouldPromoteBySolidContract =
     params.rule.id.endsWith('.no-solid-violations') &&
-    (params.stage === 'PRE_PUSH' || params.stage === 'CI');
+    (params.stage === 'PRE_WRITE' ||
+      params.stage === 'PRE_COMMIT' ||
+      params.stage === 'PRE_PUSH' ||
+      params.stage === 'CI');
   const shouldPromote =
     shouldPromoteBySolidContract || promotedRuleIds.includes(params.rule.id);
 

package/integrations/git/gitAtomicity.ts

@@ -32,6 +32,14 @@ const ATOMICITY_CONFIG_FILE = '.pumuki/git-atomicity.json';
 const DEFAULT_COMMIT_PATTERN =
   '^(feat|fix|chore|refactor|docs|test|perf|build|ci|revert)(\\([^)]+\\))?:\\s.+$';
 const MANAGED_EVIDENCE_PATHS = new Set(['.ai_evidence.json', '.AI_EVIDENCE.json']);
+const BASELINE_BRANCH_REFS = [
+  'origin/main',
+  'origin/develop',
+  'upstream/main',
+  'upstream/develop',
+  'main',
+  'develop',
+];
 
 const defaultConfig: GitAtomicityConfig = {
   enabled: true,
@@ -252,33 +260,90 @@ const collectCommitSubjects = (params: {
   fromRef?: string;
   toRef?: string;
 }): ReadonlyArray<string> => {
-  if (!params.fromRef || !params.toRef) {
-    return [];
-  }
+  return collectCommitRecords(params)
+    .filter((record) => shouldEvaluateCommitRecord({ git: params.git, repoRoot: params.repoRoot, record }))
+    .map((record) => record.subject);
+};
+
+type CommitRecord = {
+  hash: string;
+  parents: ReadonlyArray<string>;
+  subject: string;
+};
+
+const parseCommitRecords = (value: string): ReadonlyArray<CommitRecord> =>
+  value
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .map((line) => {
+      const [hash = '', parents = '', subject = ''] = line.split('\u0001');
+      return {
+        hash: hash.trim(),
+        parents: parents.split(' ').map((parent) => parent.trim()).filter((parent) => parent.length > 0),
+        subject: subject.trim(),
+      };
+    })
+    .filter((record) => record.hash.length > 0);
+
+const isCommitReachableFromRef = (params: {
+  git: IGitService;
+  repoRoot: string;
+  commitHash: string;
+  ref: string;
+}): boolean => {
   try {
-    return parseLines(
-      params.git.runGit(['log', '--format=%s', `${params.fromRef}..${params.toRef}`], params.repoRoot)
-    );
-  } catch (error) {
-    if (isUnresolvableRevisionError(error)) {
-      return [];
-    }
-    throw error;
+    params.git.runGit(['merge-base', '--is-ancestor', params.commitHash, params.ref], params.repoRoot);
+    return true;
+  } catch {
+    return false;
   }
 };
 
-const collectCommitHashes = (params: {
+const isInheritedBaselineCommit = (params: {
+  git: IGitService;
+  repoRoot: string;
+  commitHash: string;
+}): boolean =>
+  BASELINE_BRANCH_REFS.some((ref) =>
+    isCommitReachableFromRef({
+      git: params.git,
+      repoRoot: params.repoRoot,
+      commitHash: params.commitHash,
+      ref,
+    })
+  );
+
+const shouldEvaluateCommitRecord = (params: {
+  git: IGitService;
+  repoRoot: string;
+  record: CommitRecord;
+}): boolean => {
+  if (params.record.parents.length > 1) {
+    return false;
+  }
+  return !isInheritedBaselineCommit({
+    git: params.git,
+    repoRoot: params.repoRoot,
+    commitHash: params.record.hash,
+  });
+};
+
+const collectCommitRecords = (params: {
   git: IGitService;
   repoRoot: string;
   fromRef?: string;
   toRef?: string;
-}): ReadonlyArray<string> => {
+}): ReadonlyArray<CommitRecord> => {
   if (!params.fromRef || !params.toRef) {
     return [];
   }
   try {
-    return parseLines(
-      params.git.runGit(['log', '--format=%H', '--reverse', `${params.fromRef}..${params.toRef}`], params.repoRoot)
+    return parseCommitRecords(
+      params.git.runGit(
+        ['log', '--format=%H%x01%P%x01%s', '--reverse', `${params.fromRef}..${params.toRef}`],
+        params.repoRoot
+      )
     );
   } catch (error) {
     if (isUnresolvableRevisionError(error)) {
@@ -367,29 +432,29 @@ const buildPrePushCommitPathLimitViolations = (params: {
   fromRef?: string;
   toRef?: string;
 }): GitAtomicityViolation[] | undefined => {
-  const commitHashes = collectCommitHashes({
+  const commitRecords = collectCommitRecords({
     git: params.git,
     repoRoot: params.repoRoot,
     fromRef: params.fromRef,
     toRef: params.toRef,
-  });
-  if (commitHashes.length === 0) {
+  }).filter((record) => shouldEvaluateCommitRecord({ git: params.git, repoRoot: params.repoRoot, record }));
+  if (commitRecords.length === 0) {
     return undefined;
   }
 
   const violations: GitAtomicityViolation[] = [];
-  for (const commitHash of commitHashes) {
+  for (const commitRecord of commitRecords) {
     const changedPaths = collectCommitChangedPaths({
       git: params.git,
       repoRoot: params.repoRoot,
-      commitHash,
+      commitHash: commitRecord.hash,
     }).filter((path) => !isManagedEvidencePath(path));
     violations.push(
       ...buildPathLimitViolations({
         changedPaths,
         config: params.config,
         stage: 'PRE_PUSH',
-        label: `commit=${commitHash.slice(0, 12)}`,
+        label: `commit=${commitRecord.hash.slice(0, 12)}`,
       })
     );
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.140",
+  "version": "6.3.142",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {