pumuki 6.3.208 → 6.3.209

package/core/facts/detectors/text/ios.test.ts

@@ -44,6 +44,7 @@ import {
   hasSwiftOnTapGestureUsage,
   hasSwiftOperationQueueUsage,
   hasSwiftContainsUserFilterUsage,
+  hasSwiftCustomSingletonUsage,
   hasSwiftPassedValueStateWrapperUsage,
   hasSwiftPhysicalTextAlignmentUsage,
   hasSwiftPreconcurrencyUsage,
@@ -260,6 +261,28 @@ final class CartViewModel {
   assert.equal(hasSwiftStrongSelfEscapingClosureUsage(source), false);
 });
 
+test('hasSwiftCustomSingletonUsage detecta singletons propios y excluye usos de singletons del sistema', () => {
+  const source = `
+final class SessionStore {
+  static let shared = SessionStore()
+}
+
+final class MutableStore {
+  public static var shared: MutableStore = MutableStore()
+}
+`;
+  const ignored = `
+final class APIClient {
+  let session = URLSession.shared
+  let text = "static let shared = SessionStore()"
+  // static let shared = SessionStore()
+}
+`;
+
+  assert.equal(hasSwiftCustomSingletonUsage(source), true);
+  assert.equal(hasSwiftCustomSingletonUsage(ignored), false);
+});
+
 test('detectores de logging iOS detectan logs ad-hoc y PII en produccion', () => {
   const adHoc = `
 print(user.id)

package/core/facts/detectors/text/ios.ts

@@ -519,6 +519,15 @@ export const hasSwiftStrongSelfEscapingClosureUsage = (source: string): boolean
   return false;
 };
 
+export const hasSwiftCustomSingletonUsage = (source: string): boolean => {
+  const singletonDeclarationPattern =
+    /^\s*(?:(?:private|fileprivate|internal|public|open)\s+)?static\s+(?:let|var)\s+shared\b(?:\s*:\s*[A-Za-z_][A-Za-z0-9_.<>]*)?\s*=/;
+  return source.split(/\r?\n/).some((line) => {
+    const sanitizedLine = stripSwiftLineForSemanticScan(line);
+    return singletonDeclarationPattern.test(sanitizedLine);
+  });
+};
+
 export const hasSwiftAdHocLoggingUsage = (source: string): boolean => {
   return collectSwiftRegexLines(
     source,

package/core/facts/extractHeuristicFacts.ts

@@ -648,6 +648,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftTaskDetachedUsage, ruleId: 'heuristics.ios.task-detached.ast', code: 'HEURISTICS_IOS_TASK_DETACHED_AST', message: 'AST heuristic detected Task.detached usage.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongDelegateReferenceUsage, ruleId: 'heuristics.ios.memory.strong-delegate.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_DELEGATE_AST', message: 'AST heuristic detected a strong delegate/dataSource reference; weak delegates remain the preferred baseline to avoid retain cycles.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongSelfEscapingClosureUsage, ruleId: 'heuristics.ios.memory.strong-self-escaping-closure.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_SELF_ESCAPING_CLOSURE_AST', message: 'AST heuristic detected strong self capture in an escaping iOS closure; weak or unowned captures remain the preferred baseline when ownership is not explicit.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftCustomSingletonUsage, ruleId: 'heuristics.ios.architecture.custom-singleton.ast', code: 'HEURISTICS_IOS_ARCHITECTURE_CUSTOM_SINGLETON_AST', message: 'AST heuristic detected a custom static shared singleton in iOS production code; dependency injection remains the preferred baseline for app-owned services.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAdHocLoggingUsage, ruleId: 'heuristics.ios.logging.adhoc-print.ast', code: 'HEURISTICS_IOS_LOGGING_ADHOC_PRINT_AST', message: 'AST heuristic detected print/debugPrint/dump/NSLog/os_log usage in iOS production code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveLoggingUsage, ruleId: 'heuristics.ios.logging.sensitive-data.ast', code: 'HEURISTICS_IOS_LOGGING_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data in an iOS logging call.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAlamofireUsage, ruleId: 'heuristics.ios.networking.alamofire.ast', code: 'HEURISTICS_IOS_NETWORKING_ALAMOFIRE_AST', message: 'AST heuristic detected Alamofire usage in iOS production code; URLSession remains the preferred baseline for new code.' },

package/core/rules/presets/heuristics/ios.ts

@@ -219,6 +219,25 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_MEMORY_STRONG_SELF_ESCAPING_CLOSURE_AST',
     },
   },
+  {
+    id: 'heuristics.ios.architecture.custom-singleton.ast',
+    description: 'Detects custom static shared singletons in iOS production code.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.architecture.custom-singleton.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected a custom static shared singleton in iOS production code; dependency injection remains the preferred baseline for app-owned services.',
+      code: 'HEURISTICS_IOS_ARCHITECTURE_CUSTOM_SINGLETON_AST',
+    },
+  },
   {
     id: 'heuristics.ios.logging.adhoc-print.ast',
     description: 'Detects print/debugPrint/dump/NSLog/os_log usage in iOS production code.',

package/integrations/config/skillsDetectorRegistry.ts

@@ -58,6 +58,14 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
       'heuristics.ios.memory.strong-self-escaping-closure.ast',
     ]
   ),
+  'skills.ios.guideline.ios.no-singleton-usar-inyeccio-n-de-dependencias-no-compartir-instancias-g': heuristicDetector(
+    'ios.architecture.custom-singleton',
+    ['heuristics.ios.architecture.custom-singleton.ast']
+  ),
+  'skills.ios.guideline.ios.no-singletons-excepto-sistema-urlsession-shared-esta-ok': heuristicDetector(
+    'ios.architecture.custom-singleton',
+    ['heuristics.ios.architecture.custom-singleton.ast']
+  ),
   'skills.ios.guideline.ios.prohibido-print-y-logs-ad-hoc': heuristicDetector(
     'ios.logging.adhoc-print',
     ['heuristics.ios.logging.adhoc-print.ast']

package/integrations/config/skillsMarkdownRules.ts

@@ -435,6 +435,15 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.evitar-retain-cycles-especialmente-en-closures-delegates';
     }
+    if (
+      includes('no singleton') ||
+      includes('no singletons') ||
+      includes('static shared') ||
+      includes('static let shared') ||
+      includes('static var shared')
+    ) {
+      return 'skills.ios.guideline.ios.no-singleton-usar-inyeccio-n-de-dependencias-no-compartir-instancias-g';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.208",
+  "version": "6.3.209",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T12:37:42.811Z",
+  "generatedAt": "2026-05-13T12:45:06.608Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "32c74edc740622834bf48fa060ebc04f8d5ee0c826e9a6dd48a068212dfc2552",
+      "hash": "5c20c168bf6f54010cfac75cce1311a03ed2345ac20eef7b2a4458ad8efd3fc4",
       "rules": [
         {
           "id": "skills.ios.guideline.ios.accessibility-identifiers-para-localizar-elementos",
@@ -6727,18 +6727,6 @@
           "evaluationMode": "DECLARATIVE",
           "origin": "core"
         },
-        {
-          "id": "skills.ios.guideline.ios.implementaciones-inyectadas-en-initializer-no-singleton",
-          "description": "Implementaciones inyectadas - En initializer, no Singleton",
-          "severity": "WARN",
-          "platform": "ios",
-          "sourceSkill": "ios-guidelines",
-          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "MEDIUM",
-          "locked": true,
-          "evaluationMode": "DECLARATIVE",
-          "origin": "core"
-        },
         {
           "id": "skills.ios.guideline.ios.implicitly-unwrapped-solo-para-iboutlets-y-casos-muy-especi-ficos",
           "description": "Implicitly unwrapped (!) - Solo para IBOutlets y casos muy específicos",
@@ -7180,19 +7168,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
-          "origin": "core"
-        },
-        {
-          "id": "skills.ios.guideline.ios.no-singletons-excepto-sistema-urlsession-shared-esta-ok",
-          "description": "No singletons - Excepto sistema (URLSession.shared está OK)",
-          "severity": "WARN",
-          "platform": "ios",
-          "sourceSkill": "ios-guidelines",
-          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "MEDIUM",
-          "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {