pumuki 6.3.207 → 6.3.208

package/core/facts/detectors/text/ios.test.ts

@@ -55,6 +55,7 @@ import {
   hasSwiftJSONSerializationUsage,
   hasSwiftStringFormatUsage,
   hasSwiftStrongDelegateReferenceUsage,
+  hasSwiftStrongSelfEscapingClosureUsage,
   hasSwiftTabItemUsage,
   hasSwiftTaskDetachedUsage,
   hasSwiftWaitForExpectationsUsage,
@@ -209,6 +210,56 @@ final class CheckoutCoordinator {
   assert.equal(hasSwiftStrongDelegateReferenceUsage(source), false);
 });
 
+test('hasSwiftStrongSelfEscapingClosureUsage detecta self fuerte en closures escapables iOS', () => {
+  const source = `
+final class CartViewModel {
+  private var cancellables = Set<AnyCancellable>()
+
+  func bind() {
+    Task {
+      await self.reload()
+    }
+    DispatchQueue.main.async {
+      self.render()
+    }
+    Timer.scheduledTimer(withTimeInterval: 1, repeats: true) { timer in
+      self.tick(timer)
+    }
+    NotificationCenter.default.addObserver(forName: .cartChanged, object: nil, queue: .main) { notification in
+      self.handle(notification)
+    }
+    publisher.sink { value in
+      self.consume(value)
+    }
+  }
+}
+`;
+
+  assert.equal(hasSwiftStrongSelfEscapingClosureUsage(source), true);
+});
+
+test('hasSwiftStrongSelfEscapingClosureUsage preserva capture lists weak/unowned e ignora comentarios y strings', () => {
+  const source = `
+final class CartViewModel {
+  func bind() {
+    Task { [weak self] in
+      await self?.reload()
+    }
+    DispatchQueue.main.async { [unowned self] in
+      render()
+    }
+    publisher.sink(receiveValue: { [weak self] value in
+      self?.consume(value)
+    })
+    let text = "Task { self.reload() }"
+    // Timer.scheduledTimer(withTimeInterval: 1, repeats: true) { _ in self.tick() }
+  }
+}
+`;
+
+  assert.equal(hasSwiftStrongSelfEscapingClosureUsage(source), false);
+});
+
 test('detectores de logging iOS detectan logs ad-hoc y PII en produccion', () => {
   const adHoc = `
 print(user.id)

package/core/facts/detectors/text/ios.ts

@@ -450,6 +450,75 @@ export const hasSwiftStrongDelegateReferenceUsage = (source: string): boolean =>
   });
 };
 
+const swiftStrongSelfEscapingClosurePatterns = [
+  /\bTask\s*(?:\([^)]*\))?\s*\{/g,
+  /\bDispatchQueue\s*\.\s*[A-Za-z0-9_.]+\s*\.\s*async(?:After)?\s*(?:\([^)]*\))?\s*\{/g,
+  /\bTimer\s*\.\s*scheduledTimer\s*\([\s\S]{0,320}?\)\s*\{/g,
+  /\bNotificationCenter\s*\.\s*default\s*\.\s*addObserver\s*\([\s\S]{0,420}?\busing\s*:\s*\{/g,
+  /\.\s*sink\s*\([\s\S]{0,420}?\b(?:receiveValue|receiveCompletion)\s*:\s*\{/g,
+  /\.\s*sink\s*\{/g,
+  /\.\s*handleEvents\s*\([\s\S]{0,420}?\b(?:receiveOutput|receiveCompletion|receiveCancel)\s*:\s*\{/g,
+];
+
+const findMatchingSwiftBraceIndex = (source: string, openingBraceIndex: number): number => {
+  let depth = 0;
+  for (let index = openingBraceIndex; index < source.length; index += 1) {
+    const char = source[index];
+    if (char === '{') {
+      depth += 1;
+      continue;
+    }
+    if (char !== '}') {
+      continue;
+    }
+    depth -= 1;
+    if (depth === 0) {
+      return index;
+    }
+  }
+  return -1;
+};
+
+const hasWeakOrUnownedSelfCaptureList = (closureBody: string): boolean => {
+  const trimmedStart = closureBody.trimStart();
+  if (!trimmedStart.startsWith('[')) {
+    return false;
+  }
+  const captureListEndIndex = trimmedStart.indexOf(']');
+  if (captureListEndIndex < 0) {
+    return false;
+  }
+  const captureList = trimmedStart.slice(1, captureListEndIndex);
+  return /\b(?:weak|unowned)\s+self\b/.test(captureList);
+};
+
+export const hasSwiftStrongSelfEscapingClosureUsage = (source: string): boolean => {
+  const sanitized = sanitizeSwiftSourceForMultilineRegex(source);
+  for (const pattern of swiftStrongSelfEscapingClosurePatterns) {
+    pattern.lastIndex = 0;
+    for (const match of sanitized.matchAll(pattern)) {
+      const matchedSource = match[0] ?? '';
+      const openingBraceOffset = matchedSource.lastIndexOf('{');
+      if (openingBraceOffset < 0 || match.index === undefined) {
+        continue;
+      }
+      const openingBraceIndex = match.index + openingBraceOffset;
+      const closingBraceIndex = findMatchingSwiftBraceIndex(sanitized, openingBraceIndex);
+      if (closingBraceIndex < 0) {
+        continue;
+      }
+      const closureBody = sanitized.slice(openingBraceIndex + 1, closingBraceIndex);
+      if (hasWeakOrUnownedSelfCaptureList(closureBody)) {
+        continue;
+      }
+      if (/\bself\s*\./.test(closureBody)) {
+        return true;
+      }
+    }
+  }
+  return false;
+};
+
 export const hasSwiftAdHocLoggingUsage = (source: string): boolean => {
   return collectSwiftRegexLines(
     source,

package/core/facts/extractHeuristicFacts.ts

@@ -647,6 +647,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftOperationQueueUsage, ruleId: 'heuristics.ios.operation-queue.ast', code: 'HEURISTICS_IOS_OPERATION_QUEUE_AST', message: 'AST heuristic detected OperationQueue usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftTaskDetachedUsage, ruleId: 'heuristics.ios.task-detached.ast', code: 'HEURISTICS_IOS_TASK_DETACHED_AST', message: 'AST heuristic detected Task.detached usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongDelegateReferenceUsage, ruleId: 'heuristics.ios.memory.strong-delegate.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_DELEGATE_AST', message: 'AST heuristic detected a strong delegate/dataSource reference; weak delegates remain the preferred baseline to avoid retain cycles.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongSelfEscapingClosureUsage, ruleId: 'heuristics.ios.memory.strong-self-escaping-closure.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_SELF_ESCAPING_CLOSURE_AST', message: 'AST heuristic detected strong self capture in an escaping iOS closure; weak or unowned captures remain the preferred baseline when ownership is not explicit.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAdHocLoggingUsage, ruleId: 'heuristics.ios.logging.adhoc-print.ast', code: 'HEURISTICS_IOS_LOGGING_ADHOC_PRINT_AST', message: 'AST heuristic detected print/debugPrint/dump/NSLog/os_log usage in iOS production code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveLoggingUsage, ruleId: 'heuristics.ios.logging.sensitive-data.ast', code: 'HEURISTICS_IOS_LOGGING_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data in an iOS logging call.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAlamofireUsage, ruleId: 'heuristics.ios.networking.alamofire.ast', code: 'HEURISTICS_IOS_NETWORKING_ALAMOFIRE_AST', message: 'AST heuristic detected Alamofire usage in iOS production code; URLSession remains the preferred baseline for new code.' },

package/core/rules/presets/heuristics/ios.ts

@@ -200,6 +200,25 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_MEMORY_STRONG_DELEGATE_AST',
     },
   },
+  {
+    id: 'heuristics.ios.memory.strong-self-escaping-closure.ast',
+    description: 'Detects strong self captures in escaping iOS closures.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.memory.strong-self-escaping-closure.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected strong self capture in an escaping iOS closure; weak or unowned captures remain the preferred baseline when ownership is not explicit.',
+      code: 'HEURISTICS_IOS_MEMORY_STRONG_SELF_ESCAPING_CLOSURE_AST',
+    },
+  },
   {
     id: 'heuristics.ios.logging.adhoc-print.ast',
     description: 'Detects print/debugPrint/dump/NSLog/os_log usage in iOS production code.',

package/integrations/config/skillsDetectorRegistry.ts

@@ -52,8 +52,11 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     ['heuristics.ios.memory.strong-delegate.ast']
   ),
   'skills.ios.guideline.ios.evitar-retain-cycles-especialmente-en-closures-delegates': heuristicDetector(
-    'ios.memory.strong-delegate',
-    ['heuristics.ios.memory.strong-delegate.ast']
+    'ios.memory.retain-cycles',
+    [
+      'heuristics.ios.memory.strong-delegate.ast',
+      'heuristics.ios.memory.strong-self-escaping-closure.ast',
+    ]
   ),
   'skills.ios.guideline.ios.prohibido-print-y-logs-ad-hoc': heuristicDetector(
     'ios.logging.adhoc-print',

package/integrations/config/skillsMarkdownRules.ts

@@ -423,14 +423,17 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.accessibility-labels-accessibilitylabel';
     }
+    if (includes('weak delegates') || includes('delegation pattern')) {
+      return 'skills.ios.guideline.ios.delegation-pattern-weak-delegates-para-evitar-retain-cycles';
+    }
     if (
-      includes('weak delegates') ||
-      includes('delegation pattern') ||
       includes('closures delegates') ||
+      includes('weak self') ||
+      includes('capture list') ||
       includes('avoid retain cycles') ||
       includes('evitar retain cycles')
     ) {
-      return 'skills.ios.guideline.ios.delegation-pattern-weak-delegates-para-evitar-retain-cycles';
+      return 'skills.ios.guideline.ios.evitar-retain-cycles-especialmente-en-closures-delegates';
     }
     if (
       includes('mixing legacy xctest style') ||

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.207",
+  "version": "6.3.208",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T12:26:53.436Z",
+  "generatedAt": "2026-05-13T12:37:42.811Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "672f428af5b852cb406bda732533581a045a0cc7e40a1f5c32b4ba57a5b248f7",
+      "hash": "32c74edc740622834bf48fa060ebc04f8d5ee0c826e9a6dd48a068212dfc2552",
       "rules": [
         {
           "id": "skills.ios.guideline.ios.accessibility-identifiers-para-localizar-elementos",
@@ -6042,18 +6042,6 @@
           "evaluationMode": "DECLARATIVE",
           "origin": "core"
         },
-        {
-          "id": "skills.ios.guideline.ios.capture-lists-capturar-valores-no-referencias",
-          "description": "Capture lists - Capturar valores, no referencias",
-          "severity": "WARN",
-          "platform": "ios",
-          "sourceSkill": "ios-guidelines",
-          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "MEDIUM",
-          "locked": true,
-          "evaluationMode": "DECLARATIVE",
-          "origin": "core"
-        },
         {
           "id": "skills.ios.guideline.ios.carthage-prohibido",
           "description": "Carthage - Prohibido",
@@ -6510,6 +6498,18 @@
           "evaluationMode": "DECLARATIVE",
           "origin": "core"
         },
+        {
+          "id": "skills.ios.guideline.ios.evitar-retain-cycles-especialmente-en-closures-delegates",
+          "description": "[weak self] - En closures que pueden outlive self",
+          "severity": "WARN",
+          "platform": "ios",
+          "sourceSkill": "ios-guidelines",
+          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
+          "confidence": "MEDIUM",
+          "locked": true,
+          "evaluationMode": "AUTO",
+          "origin": "core"
+        },
         {
           "id": "skills.ios.guideline.ios.expect-y-require-assertions-de-swift-testing",
           "description": "#expect y #require - Assertions de Swift Testing",
@@ -8239,18 +8239,6 @@
           "evaluationMode": "DECLARATIVE",
           "origin": "core"
         },
-        {
-          "id": "skills.ios.guideline.ios.weak-self-en-closures-que-pueden-outlive-self",
-          "description": "[weak self] - En closures que pueden outlive self",
-          "severity": "WARN",
-          "platform": "ios",
-          "sourceSkill": "ios-guidelines",
-          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "MEDIUM",
-          "locked": true,
-          "evaluationMode": "DECLARATIVE",
-          "origin": "core"
-        },
         {
           "id": "skills.ios.guideline.ios.xcode-usar-la-u-ltima-versio-n-estable-disponible",
           "description": "Xcode: usar la última versión estable disponible",