pumuki 6.3.193 → 6.3.194

package/core/facts/extractHeuristicFacts.ts

@@ -76,6 +76,22 @@ const isIOSSwiftPath = (path: string): boolean => {
   return path.endsWith('.swift') && path.startsWith('apps/ios/');
 };
 
+const isIOSPodfilePath = (path: string): boolean => {
+  const normalized = path.replace(/\\/g, '/');
+  return (
+    normalized.startsWith('apps/ios/') &&
+    (normalized.endsWith('/Podfile') || normalized.endsWith('/Podfile.lock'))
+  );
+};
+
+const isIOSCartfilePath = (path: string): boolean => {
+  const normalized = path.replace(/\\/g, '/');
+  return (
+    normalized.startsWith('apps/ios/') &&
+    (normalized.endsWith('/Cartfile') || normalized.endsWith('/Cartfile.resolved'))
+  );
+};
+
 const isIOSApplicationOrPresentationPath = (path: string): boolean => {
   return (
     isIOSSwiftPath(path) &&
@@ -608,6 +624,8 @@ type TextDetectorRegistryEntry = {
 
 const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   // iOS
+  { platform: 'ios', pathCheck: isIOSPodfilePath, excludePaths: [], detect: detectsTrackedFilePresence, ruleId: 'heuristics.ios.dependencies.cocoapods.ast', code: 'HEURISTICS_IOS_DEPENDENCIES_COCOAPODS_AST', message: 'AST heuristic detected CocoaPods dependency files in an iOS project; Swift Package Manager remains the preferred baseline for new code.' },
+  { platform: 'ios', pathCheck: isIOSCartfilePath, excludePaths: [], detect: detectsTrackedFilePresence, ruleId: 'heuristics.ios.dependencies.carthage.ast', code: 'HEURISTICS_IOS_DEPENDENCIES_CARTHAGE_AST', message: 'AST heuristic detected Carthage dependency files in an iOS project; Swift Package Manager remains the preferred baseline for new code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftForceUnwrap, ruleId: 'heuristics.ios.force-unwrap.ast', code: 'HEURISTICS_IOS_FORCE_UNWRAP_AST', message: 'AST heuristic detected force unwrap usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAnyViewUsage, ruleId: 'heuristics.ios.anyview.ast', code: 'HEURISTICS_IOS_ANYVIEW_AST', message: 'AST heuristic detected AnyView usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftForceTryUsage, ruleId: 'heuristics.ios.force-try.ast', code: 'HEURISTICS_IOS_FORCE_TRY_AST', message: 'AST heuristic detected force try usage.' },

package/core/rules/presets/heuristics/ios.test.ts

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { iosRules } from './ios';
 
 test('iosRules define reglas heurísticas locked para plataforma ios', () => {
-  assert.equal(iosRules.length, 47);
+  assert.equal(iosRules.length, 49);
 
   const ids = iosRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -21,6 +21,8 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.logging.sensitive-data.ast',
     'heuristics.ios.networking.alamofire.ast',
     'heuristics.ios.json.jsonserialization.ast',
+    'heuristics.ios.dependencies.cocoapods.ast',
+    'heuristics.ios.dependencies.carthage.ast',
     'heuristics.ios.unchecked-sendable.ast',
     'heuristics.ios.preconcurrency.ast',
     'heuristics.ios.nonisolated-unsafe.ast',
@@ -81,6 +83,14 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     byId.get('heuristics.ios.json.jsonserialization.ast')?.then.code,
     'HEURISTICS_IOS_JSON_JSONSERIALIZATION_AST'
   );
+  assert.equal(
+    byId.get('heuristics.ios.dependencies.cocoapods.ast')?.then.code,
+    'HEURISTICS_IOS_DEPENDENCIES_COCOAPODS_AST'
+  );
+  assert.equal(
+    byId.get('heuristics.ios.dependencies.carthage.ast')?.then.code,
+    'HEURISTICS_IOS_DEPENDENCIES_CARTHAGE_AST'
+  );
   assert.equal(
     byId.get('heuristics.ios.preconcurrency.ast')?.then.code,
     'HEURISTICS_IOS_PRECONCURRENCY_AST'

package/core/rules/presets/heuristics/ios.ts

@@ -253,6 +253,42 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_JSON_JSONSERIALIZATION_AST',
     },
   },
+  {
+    id: 'heuristics.ios.dependencies.cocoapods.ast',
+    description: 'Detects CocoaPods dependency files in iOS projects; Swift Package Manager is the preferred baseline for new code.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.dependencies.cocoapods.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message: 'AST heuristic detected CocoaPods dependency files in an iOS project; Swift Package Manager remains the preferred baseline for new code.',
+      code: 'HEURISTICS_IOS_DEPENDENCIES_COCOAPODS_AST',
+    },
+  },
+  {
+    id: 'heuristics.ios.dependencies.carthage.ast',
+    description: 'Detects Carthage dependency files in iOS projects; Swift Package Manager is the preferred baseline for new code.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.dependencies.carthage.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message: 'AST heuristic detected Carthage dependency files in an iOS project; Swift Package Manager remains the preferred baseline for new code.',
+      code: 'HEURISTICS_IOS_DEPENDENCIES_CARTHAGE_AST',
+    },
+  },
   {
     id: 'heuristics.ios.unchecked-sendable.ast',
     description: 'Detects @unchecked Sendable usage in iOS production code.',

package/docs/codex-skills/ios-enterprise-rules.md

@@ -509,6 +509,12 @@ struct UseCaseFactory {
 - `skills.ios.guideline.ios.codable-para-serializacio-n-json-nunca-jsonserialization` se mapea a `heuristics.ios.json.jsonserialization.ast`.
 - En `PROJECT MODE: brownfield`, estos hallazgos son señal de baseline/adopción y deben evitar drift nuevo sin bloquear deuda histórica salvo promoción explícita de policy.
 
+### Enforcement AST inicial de dependencias iOS
+
+- `skills.ios.guideline.ios.cocoapods-prohibido` se mapea a `heuristics.ios.dependencies.cocoapods.ast`.
+- `skills.ios.guideline.ios.carthage-prohibido` se mapea a `heuristics.ios.dependencies.carthage.ast`.
+- En `PROJECT MODE: brownfield`, estos hallazgos son señal de baseline/adopción y deben evitar drift nuevo sin bloquear deuda histórica salvo promoción explícita de policy. Swift Package Manager permanece como baseline preferente para código nuevo.
+
 ```swift
 // ✅ Ejemplo: APIClient con URLSession y async/await
 protocol APIClientProtocol: Sendable {

package/integrations/config/skillsDetectorRegistry.ts

@@ -67,6 +67,14 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.json.jsonserialization',
     ['heuristics.ios.json.jsonserialization.ast']
   ),
+  'skills.ios.guideline.ios.cocoapods-prohibido': heuristicDetector(
+    'ios.dependencies.cocoapods',
+    ['heuristics.ios.dependencies.cocoapods.ast']
+  ),
+  'skills.ios.guideline.ios.carthage-prohibido': heuristicDetector(
+    'ios.dependencies.carthage',
+    ['heuristics.ios.dependencies.carthage.ast']
+  ),
   'skills.ios.no-unchecked-sendable': heuristicDetector('ios.unchecked-sendable', [
     'heuristics.ios.unchecked-sendable.ast',
   ]),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.193",
+  "version": "6.3.194",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {