npm - pumuki - Versions diffs - 6.3.199 → 6.3.200 - Mend

pumuki 6.3.199 → 6.3.200

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/core/facts/detectors/text/ios.test.ts +18 -0
package/core/facts/detectors/text/ios.ts +17 -0
package/core/facts/extractHeuristicFacts.ts +1 -0
package/core/rules/presets/heuristics/ios.test.ts +6 -1
package/core/rules/presets/heuristics/ios.ts +18 -0
package/docs/codex-skills/ios-enterprise-rules.md +5 -0
package/integrations/config/skillsDetectorRegistry.ts +4 -0
package/integrations/config/skillsMarkdownRules.ts +3 -0
package/package.json +1 -1
package/skills.lock.json +3 -3

package/core/facts/detectors/text/ios.test.ts CHANGED Viewed

@@ -22,6 +22,7 @@ import {
   hasSwiftForceUnwrap,
   hasSwiftGeometryReaderUsage,
   hasSwiftHardcodedUiStringUsage,
+  hasSwiftLooseAssetResourceUsage,
   hasSwiftLegacyOnChangeUsage,
   hasSwiftLegacyExpectationDescriptionUsage,
   hasSwiftLegacySwiftUiObservableWrapperUsage,
@@ -299,6 +300,23 @@ struct OrdersView: View {
   assert.equal(hasSwiftHardcodedUiStringUsage(ignored), false);
 });
+test('detector iOS de assets detecta recursos sueltos sin confundir asset catalogs', () => {
+  const source = `
+let path = Bundle.main.path(forResource: "hero", withExtension: "png")
+let url = Bundle.main.url(forResource: "logo", withExtension: "pdf")
+let image = UIImage(contentsOfFile: path)
+`;
+  const ignored = `
+Image("hero")
+UIImage(named: "hero")
+let text = "UIImage(contentsOfFile: path)"
+// Bundle.main.path(forResource: "hero", withExtension: "png")
+`;
+  assert.equal(hasSwiftLooseAssetResourceUsage(source), true);
+  assert.equal(hasSwiftLooseAssetResourceUsage(ignored), false);
+});
 test('hasSwiftUncheckedSendableUsage detecta @unchecked Sendable', () => {
   const source = `
 final class LegacyBox: @unchecked Sendable {}

package/core/facts/detectors/text/ios.ts CHANGED Viewed

@@ -543,6 +543,23 @@ export const hasSwiftHardcodedUiStringUsage = (source: string): boolean => {
   });
 };
+export const hasSwiftLooseAssetResourceUsage = (source: string): boolean => {
+  const withoutBlockComments = source.replace(/\/\*[\s\S]*?\*\//g, '\n');
+  return withoutBlockComments.split(/\r?\n/).some((line) => {
+    if (/^\s*\/\//.test(line)) {
+      return false;
+    }
+    const sanitized = stripSwiftLineForSemanticScan(line);
+    return (
+      /\bUIImage\s*\(\s*contentsOfFile\s*:/.test(sanitized) ||
+      /\bNSImage\s*\(\s*contentsOfFile\s*:/.test(sanitized) ||
+      /\bBundle\s*\.\s*main\s*\.\s*(?:path|url)\s*\(\s*forResource\s*:\s*""\s*,\s*withExtension\s*:\s*""/.test(
+        sanitized
+      )
+    );
+  });
+};
 export const hasSwiftUncheckedSendableUsage = (source: string): boolean => {
   return scanCodeLikeSource(source, ({ source: swiftSource, index, current }) => {
     if (current !== '@' || !swiftSource.startsWith('@unchecked', index)) {

package/core/facts/extractHeuristicFacts.ts CHANGED Viewed

@@ -655,6 +655,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSInfoPlistPath, excludePaths: [], detect: TextIOS.hasSwiftInsecureTransportUsage, ruleId: 'heuristics.ios.security.insecure-transport.ast', code: 'HEURISTICS_IOS_SECURITY_INSECURE_TRANSPORT_AST', message: 'AST heuristic detected permissive App Transport Security configuration; HTTPS and ATS remain the preferred baseline.' },
   { platform: 'ios', pathCheck: isIOSLocalizableStringsPath, excludePaths: [], detect: detectsTrackedFilePresence, ruleId: 'heuristics.ios.localization.localizable-strings.ast', code: 'HEURISTICS_IOS_LOCALIZATION_LOCALIZABLE_STRINGS_AST', message: 'AST heuristic detected Localizable.strings usage; String Catalogs (.xcstrings) remain the preferred baseline for new localization work.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftHardcodedUiStringUsage, ruleId: 'heuristics.ios.localization.hardcoded-ui-string.ast', code: 'HEURISTICS_IOS_LOCALIZATION_HARDCODED_UI_STRING_AST', message: 'AST heuristic detected hardcoded user-facing SwiftUI text; String(localized:) and String Catalogs remain the preferred baseline.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftLooseAssetResourceUsage, ruleId: 'heuristics.ios.assets.loose-resource.ast', code: 'HEURISTICS_IOS_ASSETS_LOOSE_RESOURCE_AST', message: 'AST heuristic detected loose image resource loading in iOS production code; Asset Catalogs remain the preferred baseline.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftUncheckedSendableUsage, ruleId: 'heuristics.ios.unchecked-sendable.ast', code: 'HEURISTICS_IOS_UNCHECKED_SENDABLE_AST', message: 'AST heuristic detected @unchecked Sendable usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftPreconcurrencyUsage, ruleId: 'heuristics.ios.preconcurrency.ast', code: 'HEURISTICS_IOS_PRECONCURRENCY_AST', message: 'AST heuristic detected @preconcurrency usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftNonisolatedUnsafeUsage, ruleId: 'heuristics.ios.nonisolated-unsafe.ast', code: 'HEURISTICS_IOS_NONISOLATED_UNSAFE_AST', message: 'AST heuristic detected nonisolated(unsafe) usage.' },

package/core/rules/presets/heuristics/ios.test.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { iosRules } from './ios';
 test('iosRules define reglas heurísticas locked para plataforma ios', () => {
-  assert.equal(iosRules.length, 53);
+  assert.equal(iosRules.length, 54);
   const ids = iosRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -27,6 +27,7 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.security.insecure-transport.ast',
     'heuristics.ios.localization.localizable-strings.ast',
     'heuristics.ios.localization.hardcoded-ui-string.ast',
+    'heuristics.ios.assets.loose-resource.ast',
     'heuristics.ios.unchecked-sendable.ast',
     'heuristics.ios.preconcurrency.ast',
     'heuristics.ios.nonisolated-unsafe.ast',
@@ -111,6 +112,10 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     byId.get('heuristics.ios.localization.hardcoded-ui-string.ast')?.then.code,
     'HEURISTICS_IOS_LOCALIZATION_HARDCODED_UI_STRING_AST'
   );
+  assert.equal(
+    byId.get('heuristics.ios.assets.loose-resource.ast')?.then.code,
+    'HEURISTICS_IOS_ASSETS_LOOSE_RESOURCE_AST'
+  );
   assert.equal(
     byId.get('heuristics.ios.preconcurrency.ast')?.then.code,
     'HEURISTICS_IOS_PRECONCURRENCY_AST'

package/core/rules/presets/heuristics/ios.ts CHANGED Viewed

@@ -361,6 +361,24 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_LOCALIZATION_HARDCODED_UI_STRING_AST',
     },
   },
+  {
+    id: 'heuristics.ios.assets.loose-resource.ast',
+    description: 'Detects loose image resource loading where Asset Catalogs are the preferred iOS baseline.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.assets.loose-resource.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message: 'AST heuristic detected loose image resource loading in iOS production code; Asset Catalogs remain the preferred baseline.',
+      code: 'HEURISTICS_IOS_ASSETS_LOOSE_RESOURCE_AST',
+    },
+  },
   {
     id: 'heuristics.ios.unchecked-sendable.ast',
     description: 'Detects @unchecked Sendable usage in iOS production code.',

package/docs/codex-skills/ios-enterprise-rules.md CHANGED Viewed

@@ -617,6 +617,11 @@ struct APIEndpoint: Sendable {
 - En `PROJECT MODE: brownfield`, este hallazgo detecta `Localizable.strings` bajo `apps/ios/**` como señal de baseline/adopción sin bloquear deuda histórica salvo promoción explícita de policy. String Catalogs (`.xcstrings`) permanece como baseline preferente.
 - También detecta literales de texto visibles en SwiftUI (`Text`, `Button`, `Label`, `TextField`, `SecureField`, `navigationTitle`, `accessibilityLabel`) como señal de adopción hacia `String(localized:)` y String Catalogs, ignorando keys como `orders.title`.
+### Enforcement AST inicial de assets iOS
+- `skills.ios.guideline.ios.assets-en-asset-catalogs-con-soporte-para-todos-los-taman-os` se mapea a `heuristics.ios.assets.loose-resource.ast`.
+- En `PROJECT MODE: brownfield`, este hallazgo detecta carga de imágenes sueltas desde bundle/filesystem (`UIImage(contentsOfFile:)`, `NSImage(contentsOfFile:)`, `Bundle.main.path/url(...png|jpg|jpeg|pdf|svg|webp)`) como señal de adopción hacia Asset Catalogs. No marca `Image("asset")` ni `UIImage(named:)`.
 ### Combine (Reactive):
 ✅ **Publishers** - AsyncSequence para async, Combine para streams complejos
 ✅ **@Published** - En ViewModels para binding con Views

package/integrations/config/skillsDetectorRegistry.ts CHANGED Viewed

@@ -111,6 +111,10 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.localization.hardcoded-ui-string',
     ['heuristics.ios.localization.hardcoded-ui-string.ast']
   ),
+  'skills.ios.guideline.ios.assets-en-asset-catalogs-con-soporte-para-todos-los-taman-os': heuristicDetector(
+    'ios.assets.loose-resource',
+    ['heuristics.ios.assets.loose-resource.ast']
+  ),
   'skills.ios.no-unchecked-sendable': heuristicDetector('ios.unchecked-sendable', [
     'heuristics.ios.unchecked-sendable.ast',
   ]),

package/integrations/config/skillsMarkdownRules.ts CHANGED Viewed

@@ -398,6 +398,9 @@ const normalizeKnownRuleTarget = (
     if (includes('strings hardcodeadas') || includes('string localized')) {
       return 'skills.ios.guideline.ios.cero-strings-hardcodeadas-en-ui';
     }
+    if (includes('assets en asset catalogs') || includes('asset catalogs')) {
+      return 'skills.ios.guideline.ios.assets-en-asset-catalogs-con-soporte-para-todos-los-taman-os';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.199",
+  "version": "6.3.200",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T11:29:26.365Z",
+  "generatedAt": "2026-05-13T11:35:11.674Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "6b68665f29f3894ce007abafdd6a766e63ec02f576fc7299e9d7cf17430786d4",
+      "hash": "b364080b578fc2de919d0d7d16c4075167415c3449f2d42a1cd2c6fabec18233",
       "rules": [
         {
           "id": "skills.ios.guideline.ios.accessibility-identifiers-para-localizar-elementos",
@@ -5895,7 +5895,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {