pumuki 6.3.203 → 6.3.205

package/core/facts/detectors/text/ios.test.ts

@@ -23,6 +23,7 @@ import {
   hasSwiftForceUnwrap,
   hasSwiftGeometryReaderUsage,
   hasSwiftHardcodedUiStringUsage,
+  hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage,
   hasSwiftLooseAssetResourceUsage,
   hasSwiftLegacyOnChangeUsage,
   hasSwiftLegacyExpectationDescriptionUsage,
@@ -377,6 +378,38 @@ func wait() async throws {
   assert.equal(hasSwiftMainThreadBlockingSleepUsage(ignored), false);
 });
 
+test('detector iOS de accesibilidad detecta botones icon-only sin label explicita', () => {
+  const source = `
+struct ToolbarView: View {
+  var body: some View {
+    Button {
+      delete()
+    } label: {
+      Image(systemName: "trash")
+    }
+  }
+}
+`;
+  const ignored = `
+struct ToolbarView: View {
+  var body: some View {
+    Button {
+      delete()
+    } label: {
+      Image(systemName: "trash")
+    }
+    .accessibilityLabel(Text("Delete item"))
+    Button("Delete") { delete() }
+    let text = "Button { Image(systemName: \\"trash\\") }"
+    // Button { Image(systemName: "trash") }
+  }
+}
+`;
+
+  assert.equal(hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage(source), true);
+  assert.equal(hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage(ignored), false);
+});
+
 test('hasSwiftUncheckedSendableUsage detecta @unchecked Sendable', () => {
   const source = `
 final class LegacyBox: @unchecked Sendable {}

package/core/facts/detectors/text/ios.ts

@@ -608,6 +608,20 @@ export const hasSwiftMainThreadBlockingSleepUsage = (source: string): boolean =>
   });
 };
 
+export const hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage = (source: string): boolean => {
+  const sanitized = sanitizeSwiftSourceForMultilineRegex(source);
+  const iconOnlyButtonPattern =
+    /\bButton\s*(?:\([^)]*\))?\s*\{[\s\S]{0,240}?\bImage\s*\(\s*systemName\s*:\s*""\s*\)[\s\S]{0,240}?\}/g;
+  for (const match of sanitized.matchAll(iconOnlyButtonPattern)) {
+    const segment = match[0] ?? '';
+    const following = sanitized.slice(match.index ?? 0, (match.index ?? 0) + segment.length + 160);
+    if (!/\.\s*accessibilityLabel\s*\(/.test(following)) {
+      return true;
+    }
+  }
+  return false;
+};
+
 export const hasSwiftUncheckedSendableUsage = (source: string): boolean => {
   return scanCodeLikeSource(source, ({ source: swiftSource, index, current }) => {
     if (current !== '@' || !swiftSource.startsWith('@unchecked', index)) {

package/core/facts/extractHeuristicFacts.ts

@@ -659,6 +659,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftFixedFontSizeUsage, ruleId: 'heuristics.ios.accessibility.fixed-font-size.ast', code: 'HEURISTICS_IOS_ACCESSIBILITY_FIXED_FONT_SIZE_AST', message: 'AST heuristic detected fixed font sizing in iOS production code; Dynamic Type semantic text styles remain the preferred baseline.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftPhysicalTextAlignmentUsage, ruleId: 'heuristics.ios.localization.physical-text-alignment.ast', code: 'HEURISTICS_IOS_LOCALIZATION_PHYSICAL_TEXT_ALIGNMENT_AST', message: 'AST heuristic detected physical left/right text alignment in iOS production code; leading/trailing remain the preferred RTL-safe baseline.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftMainThreadBlockingSleepUsage, ruleId: 'heuristics.ios.performance.blocking-sleep.ast', code: 'HEURISTICS_IOS_PERFORMANCE_BLOCKING_SLEEP_AST', message: 'AST heuristic detected blocking sleep usage in iOS production code; async clocks, suspension or cancellable scheduling remain the preferred baseline.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage, ruleId: 'heuristics.ios.accessibility.icon-only-control-label.ast', code: 'HEURISTICS_IOS_ACCESSIBILITY_ICON_ONLY_CONTROL_LABEL_AST', message: 'AST heuristic detected an icon-only SwiftUI control without accessibilityLabel; explicit accessible labels remain the preferred baseline.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftUncheckedSendableUsage, ruleId: 'heuristics.ios.unchecked-sendable.ast', code: 'HEURISTICS_IOS_UNCHECKED_SENDABLE_AST', message: 'AST heuristic detected @unchecked Sendable usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftPreconcurrencyUsage, ruleId: 'heuristics.ios.preconcurrency.ast', code: 'HEURISTICS_IOS_PRECONCURRENCY_AST', message: 'AST heuristic detected @preconcurrency usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftNonisolatedUnsafeUsage, ruleId: 'heuristics.ios.nonisolated-unsafe.ast', code: 'HEURISTICS_IOS_NONISOLATED_UNSAFE_AST', message: 'AST heuristic detected nonisolated(unsafe) usage.' },

package/core/rules/presets/heuristics/ios.test.ts

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { iosRules } from './ios';
 
 test('iosRules define reglas heurísticas locked para plataforma ios', () => {
-  assert.equal(iosRules.length, 57);
+  assert.equal(iosRules.length, 58);
 
   const ids = iosRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -31,6 +31,7 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.accessibility.fixed-font-size.ast',
     'heuristics.ios.localization.physical-text-alignment.ast',
     'heuristics.ios.performance.blocking-sleep.ast',
+    'heuristics.ios.accessibility.icon-only-control-label.ast',
     'heuristics.ios.unchecked-sendable.ast',
     'heuristics.ios.preconcurrency.ast',
     'heuristics.ios.nonisolated-unsafe.ast',
@@ -131,6 +132,10 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     byId.get('heuristics.ios.performance.blocking-sleep.ast')?.then.code,
     'HEURISTICS_IOS_PERFORMANCE_BLOCKING_SLEEP_AST'
   );
+  assert.equal(
+    byId.get('heuristics.ios.accessibility.icon-only-control-label.ast')?.then.code,
+    'HEURISTICS_IOS_ACCESSIBILITY_ICON_ONLY_CONTROL_LABEL_AST'
+  );
   assert.equal(
     byId.get('heuristics.ios.preconcurrency.ast')?.then.code,
     'HEURISTICS_IOS_PRECONCURRENCY_AST'

package/core/rules/presets/heuristics/ios.ts

@@ -433,6 +433,24 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_PERFORMANCE_BLOCKING_SLEEP_AST',
     },
   },
+  {
+    id: 'heuristics.ios.accessibility.icon-only-control-label.ast',
+    description: 'Detects icon-only SwiftUI controls without explicit accessibility labels.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.accessibility.icon-only-control-label.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message: 'AST heuristic detected an icon-only SwiftUI control without accessibilityLabel; explicit accessible labels remain the preferred baseline.',
+      code: 'HEURISTICS_IOS_ACCESSIBILITY_ICON_ONLY_CONTROL_LABEL_AST',
+    },
+  },
   {
     id: 'heuristics.ios.unchecked-sendable.ast',
     description: 'Detects @unchecked Sendable usage in iOS production code.',

package/docs/codex-skills/ios-enterprise-rules.md

@@ -626,7 +626,9 @@ struct APIEndpoint: Sendable {
 
 - `skills.ios.guideline.ios.dynamic-type-font-scaling-automa-tico` se mapea a `heuristics.ios.accessibility.fixed-font-size.ast`.
 - `skills.ios.guideline.ios.dynamic-type-fuentes-escalables-y-layouts-adaptativos` se mapea a `heuristics.ios.accessibility.fixed-font-size.ast`.
+- `skills.ios.guideline.ios.accessibility-labels-accessibilitylabel` se mapea a `heuristics.ios.accessibility.icon-only-control-label.ast`.
 - En `PROJECT MODE: brownfield`, este hallazgo detecta tamaños de fuente fijos (`.font(.system(size:))`, `Font.system(size:)`, `UIFont.systemFont(ofSize:)`) como señal de adopción hacia Dynamic Type y estilos semánticos. No marca `.font(.headline)`, `.font(.body)` ni otros estilos semánticos.
+- En `PROJECT MODE: brownfield`, este hallazgo detecta controles SwiftUI icon-only con `Button` + `Image(systemName:)` sin `.accessibilityLabel` cercano como señal de adopción hacia labels accesibles explícitas. No intenta inferir todos los casos de accesibilidad ni marca botones con texto visible.
 
 ### Enforcement AST inicial de RTL iOS
 

package/integrations/config/skillsDetectorRegistry.ts

@@ -131,6 +131,10 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.performance.blocking-sleep',
     ['heuristics.ios.performance.blocking-sleep.ast']
   ),
+  'skills.ios.guideline.ios.accessibility-labels-accessibilitylabel': heuristicDetector(
+    'ios.accessibility.icon-only-control-label',
+    ['heuristics.ios.accessibility.icon-only-control-label.ast']
+  ),
   'skills.ios.no-unchecked-sendable': heuristicDetector('ios.unchecked-sendable', [
     'heuristics.ios.unchecked-sendable.ast',
   ]),

package/integrations/config/skillsMarkdownRules.ts

@@ -416,6 +416,13 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.background-threads-no-bloquear-main-thread';
     }
+    if (
+      includes('accessibility labels') ||
+      includes('accessibilitylabel') ||
+      includes('accessibility label')
+    ) {
+      return 'skills.ios.guideline.ios.accessibility-labels-accessibilitylabel';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/integrations/lifecycle/audit.ts

@@ -23,7 +23,14 @@ export type LifecycleAuditResult = {
   command: 'pumuki audit';
   repo_root: string;
   stage: LifecycleAuditStage;
-  scope: { kind: 'repo' | 'staged'; staged_matching_extensions_count: number };
+  scope: {
+    kind: 'repo' | 'staged' | 'range';
+    staged_matching_extensions_count: number;
+    range_matching_extensions_count?: number;
+    base_ref?: string;
+    from_ref?: string;
+    to_ref?: string;
+  };
   audit_mode: 'gate' | 'engine';
   gate_exit_code: number;
   files_scanned: number | null;
@@ -54,7 +61,16 @@ type LifecycleAuditDependencies = {
   runPlatformGate: typeof runPlatformGate;
 };
 
-type LifecycleAuditScope = { kind: 'repo' } | { kind: 'staged' };
+type LifecycleAuditScope =
+  | { kind: 'repo' }
+  | { kind: 'staged' }
+  | {
+      kind: 'range';
+      baseRef: string;
+      fromRef: string;
+      toRef: string;
+      matchingExtensions: ReadonlyArray<string>;
+    };
 
 const POLICY_RECONCILE_HINT =
   'If .pumuki/policy-as-code.json signatures drift after a pumuki upgrade, run: pumuki policy reconcile --apply';
@@ -84,16 +100,161 @@ const collectStagedMatchingExtensions = (
     .filter((path) => hasAllowedExtension(path, extensions));
 };
 
+const runGitOrNull = (
+  git: Pick<IGitService, 'runGit'>,
+  args: ReadonlyArray<string>,
+  cwd: string
+): string | null => {
+  try {
+    const output = git.runGit([...args], cwd).trim();
+    return output.length > 0 ? output : null;
+  } catch {
+    return null;
+  }
+};
+
+const isResolvableRef = (
+  git: Pick<IGitService, 'runGit'>,
+  repoRoot: string,
+  ref: string
+): boolean => runGitOrNull(git, ['rev-parse', '--verify', ref], repoRoot) !== null;
+
+const branchPrefersDevelopBase = (branch: string): boolean =>
+  /^(feature|bugfix|chore|refactor|docs)\//.test(branch);
+
+const branchPrefersMainBase = (branch: string): boolean => /^hotfix\//.test(branch);
+
+const collectRangeMatchingExtensions = (params: {
+  git: Pick<IGitService, 'runGit'>;
+  repoRoot: string;
+  fromRef: string;
+  toRef: string;
+  extensions: ReadonlyArray<string>;
+}): string[] => {
+  const raw = runGitOrNull(
+    params.git,
+    ['diff', '--name-only', `${params.fromRef}..${params.toRef}`],
+    params.repoRoot
+  );
+  return (raw ?? '')
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .filter((path) => hasAllowedExtension(path, params.extensions));
+};
+
+const resolvePrePushRangeScope = (params: {
+  git: Pick<IGitService, 'runGit'>;
+  repoRoot: string;
+  extensions: ReadonlyArray<string>;
+}): LifecycleAuditScope | null => {
+  const branch =
+    runGitOrNull(params.git, ['rev-parse', '--abbrev-ref', 'HEAD'], params.repoRoot) ?? '';
+  if (branch === 'HEAD' || branch.length === 0) {
+    return null;
+  }
+
+  const explicitBase =
+    process.env.PUMUKI_AUDIT_PRE_PUSH_BASE_REF?.trim() ??
+    process.env.PUMUKI_PRE_PUSH_BASE_REF?.trim() ??
+    '';
+  const upstreamTracking = runGitOrNull(
+    params.git,
+    ['rev-parse', '--abbrev-ref', '--symbolic-full-name', '@{upstream}'],
+    params.repoRoot
+  );
+  const preferredBaseRefs = [
+    explicitBase,
+    ...(branchPrefersDevelopBase(branch) ? ['origin/develop'] : []),
+    ...(branchPrefersMainBase(branch) ? ['origin/main', 'origin/master'] : []),
+    upstreamTracking ?? '',
+    'origin/develop',
+    'origin/main',
+    'origin/master',
+  ].filter((ref, index, refs) => ref.length > 0 && refs.indexOf(ref) === index);
+
+  const baseRef = preferredBaseRefs.find((ref) =>
+    isResolvableRef(params.git, params.repoRoot, ref)
+  );
+  if (typeof baseRef === 'undefined') {
+    return null;
+  }
+
+  const mergeBase = runGitOrNull(params.git, ['merge-base', baseRef, 'HEAD'], params.repoRoot);
+  if (mergeBase === null) {
+    return null;
+  }
+
+  return {
+    kind: 'range',
+    baseRef,
+    fromRef: mergeBase,
+    toRef: 'HEAD',
+    matchingExtensions: collectRangeMatchingExtensions({
+      git: params.git,
+      repoRoot: params.repoRoot,
+      fromRef: mergeBase,
+      toRef: 'HEAD',
+      extensions: params.extensions,
+    }),
+  };
+};
+
 const resolveLifecycleAuditScope = (params: {
   stage: LifecycleAuditStage;
+  git: Pick<IGitService, 'runGit'>;
+  repoRoot: string;
+  extensions: ReadonlyArray<string>;
   stagedMatchingExtensions: ReadonlyArray<string>;
 }): LifecycleAuditScope => {
   if (params.stage === 'PRE_WRITE' && params.stagedMatchingExtensions.length > 0) {
     return { kind: 'staged' };
   }
+  if (params.stage === 'PRE_PUSH') {
+    const rangeScope = resolvePrePushRangeScope({
+      git: params.git,
+      repoRoot: params.repoRoot,
+      extensions: params.extensions,
+    });
+    if (rangeScope !== null) {
+      return rangeScope;
+    }
+  }
   return { kind: 'repo' };
 };
 
+const toGateScope = (scope: LifecycleAuditScope) => {
+  if (scope.kind === 'range') {
+    return {
+      kind: 'range' as const,
+      fromRef: scope.fromRef,
+      toRef: scope.toRef,
+      extensions: [...DEFAULT_FACT_FILE_EXTENSIONS],
+    };
+  }
+  return { kind: scope.kind };
+};
+
+const toResultScope = (params: {
+  scope: LifecycleAuditScope;
+  stagedMatchingExtensions: ReadonlyArray<string>;
+}): LifecycleAuditResult['scope'] => {
+  const base = {
+    kind: params.scope.kind,
+    staged_matching_extensions_count: params.stagedMatchingExtensions.length,
+  };
+  if (params.scope.kind !== 'range') {
+    return base;
+  }
+  return {
+    ...base,
+    range_matching_extensions_count: params.scope.matchingExtensions.length,
+    base_ref: params.scope.baseRef,
+    from_ref: params.scope.fromRef,
+    to_ref: params.scope.toRef,
+  };
+};
+
 const isFindingBlocking = (finding: SnapshotFinding): boolean => {
   if (typeof finding.blocking === 'boolean') {
     return finding.blocking;
@@ -246,15 +407,19 @@ export const runLifecycleAudit = async (params: {
   const stagedMatchingExtensions = collectStagedMatchingExtensions(git, extensions);
   const scope = resolveLifecycleAuditScope({
     stage: params.stage,
+    git,
+    repoRoot,
+    extensions,
     stagedMatchingExtensions,
   });
+  const gateScope = toGateScope(scope);
 
   const gateParams =
     params.auditMode === 'engine'
       ? {
           policy: resolved.policy,
           policyTrace: resolved.trace,
-          scope,
+          scope: gateScope,
           silent: true,
           auditMode: 'engine' as const,
           dependencies: {
@@ -273,7 +438,7 @@ export const runLifecycleAudit = async (params: {
       : {
           policy: resolved.policy,
           policyTrace: resolved.trace,
-          scope,
+          scope: gateScope,
           silent: true,
           auditMode: 'gate' as const,
         };
@@ -312,10 +477,7 @@ export const runLifecycleAudit = async (params: {
     command: 'pumuki audit',
     repo_root: repoRoot,
     stage: params.stage,
-    scope: {
-      kind: scope.kind,
-      staged_matching_extensions_count: stagedMatchingExtensions.length,
-    },
+    scope: toResultScope({ scope, stagedMatchingExtensions }),
     audit_mode: params.auditMode,
     gate_exit_code: gateExitCode,
     files_scanned: filesScanned,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.203",
+  "version": "6.3.205",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T11:57:22.186Z",
+  "generatedAt": "2026-05-13T12:03:23.736Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "54d70e010210d043da474f55a1031af4f0d897b30082dd522be5d85c44ba27ab",
+      "hash": "41ef368c744a0b772fa408e83fe7edf4621fe2766ba3ea47d6753339690dbbd2",
       "rules": [
         {
           "id": "skills.ios.guideline.ios.accessibility-identifiers-para-localizar-elementos",
@@ -5787,7 +5787,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {