pumuki 6.3.209 → 6.3.211

package/core/facts/detectors/text/ios.test.ts

@@ -29,6 +29,7 @@ import {
   hasSwiftLegacyExpectationDescriptionUsage,
   hasSwiftLegacySwiftUiObservableWrapperUsage,
   hasSwiftMainThreadBlockingSleepUsage,
+  hasSwiftMassiveViewControllerResponsibilityUsage,
   hasSwiftMixedTestingFrameworksUsage,
   hasSwiftLegacyXCTestImportUsage,
   hasSwiftModernizableXCTestSuiteUsage,
@@ -40,6 +41,7 @@ import {
   hasSwiftNSManagedObjectBoundaryUsage,
   hasSwiftNSManagedObjectStateLeakUsage,
   hasSwiftNavigationViewUsage,
+  hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage,
   hasSwiftObservableObjectUsage,
   hasSwiftOnTapGestureUsage,
   hasSwiftOperationQueueUsage,
@@ -283,6 +285,60 @@ final class APIClient {
   assert.equal(hasSwiftCustomSingletonUsage(ignored), false);
 });
 
+test('hasSwiftMassiveViewControllerResponsibilityUsage detecta ViewControllers con acceso directo a infraestructura', () => {
+  const source = `
+final class CheckoutViewController: UIViewController {
+  override func viewDidLoad() {
+    super.viewDidLoad()
+    URLSession.shared.dataTask(with: URL(string: "https://example.com")!)
+    UserDefaults.standard.set(true, forKey: "seen")
+  }
+}
+`;
+  const ignored = `
+final class CheckoutViewController: UIViewController {
+  private let viewModel: CheckoutViewModel
+
+  init(viewModel: CheckoutViewModel) {
+    self.viewModel = viewModel
+    super.init(nibName: nil, bundle: nil)
+  }
+
+  override func viewDidLoad() {
+    super.viewDidLoad()
+    viewModel.load()
+  }
+}
+
+let text = "URLSession.shared.dataTask"
+// UserDefaults.standard.set(true, forKey: "seen")
+`;
+
+  assert.equal(hasSwiftMassiveViewControllerResponsibilityUsage(source), true);
+  assert.equal(hasSwiftMassiveViewControllerResponsibilityUsage(ignored), false);
+});
+
+test('hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage detecta IUO fuera de IBOutlet', () => {
+  const source = `
+final class CheckoutViewModel {
+  var selectedOrder: Order!
+  private let formatter: DateFormatter!
+}
+`;
+  const ignored = `
+final class CheckoutViewController: UIViewController {
+  @IBOutlet weak var titleLabel: UILabel!
+  @IBOutlet
+  private weak var tableView: UITableView!
+  let text = "var selectedOrder: Order!"
+  // var selectedOrder: Order!
+}
+`;
+
+  assert.equal(hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage(source), true);
+  assert.equal(hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage(ignored), false);
+});
+
 test('detectores de logging iOS detectan logs ad-hoc y PII en produccion', () => {
   const adHoc = `
 print(user.id)

package/core/facts/detectors/text/ios.ts

@@ -528,6 +528,37 @@ export const hasSwiftCustomSingletonUsage = (source: string): boolean => {
   });
 };
 
+export const hasSwiftMassiveViewControllerResponsibilityUsage = (source: string): boolean => {
+  const sanitized = sanitizeSwiftSourceForMultilineRegex(source);
+  const viewControllerPattern =
+    /\bclass\s+[A-Za-z_][A-Za-z0-9_]*\s*:\s*(?:[A-Za-z_][A-Za-z0-9_]*\s*,\s*)*UIViewController\b[\s\S]{0,8000}?\n\}/g;
+  const infrastructurePattern =
+    /\b(?:URLSession\s*\.\s*shared|JSONSerialization|UserDefaults\s*\.\s*standard|NSManagedObjectContext|NSPersistentContainer|NSFetchRequest|FileManager\s*\.\s*default)\b/;
+
+  for (const match of sanitized.matchAll(viewControllerPattern)) {
+    const body = match[0] ?? '';
+    if (infrastructurePattern.test(body)) {
+      return true;
+    }
+  }
+  return false;
+};
+
+export const hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage = (source: string): boolean => {
+  const lines = source.split(/\r?\n/);
+  const implicitlyUnwrappedPropertyPattern =
+    /\b(?:var|let)\s+[A-Za-z_][A-Za-z0-9_]*\s*:\s*(?:[A-Za-z_][A-Za-z0-9_.<>?]*\s*)!\s*(?:[=,{]|$)/;
+
+  return lines.some((line, index) => {
+    const sanitizedLine = stripSwiftLineForSemanticScan(line);
+    if (!implicitlyUnwrappedPropertyPattern.test(sanitizedLine)) {
+      return false;
+    }
+    const previousLine = index > 0 ? stripSwiftLineForSemanticScan(lines[index - 1] ?? '') : '';
+    return !/\B@IBOutlet\b/.test(`${previousLine} ${sanitizedLine}`);
+  });
+};
+
 export const hasSwiftAdHocLoggingUsage = (source: string): boolean => {
   return collectSwiftRegexLines(
     source,

package/core/facts/extractHeuristicFacts.ts

@@ -649,6 +649,8 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongDelegateReferenceUsage, ruleId: 'heuristics.ios.memory.strong-delegate.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_DELEGATE_AST', message: 'AST heuristic detected a strong delegate/dataSource reference; weak delegates remain the preferred baseline to avoid retain cycles.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftStrongSelfEscapingClosureUsage, ruleId: 'heuristics.ios.memory.strong-self-escaping-closure.ast', code: 'HEURISTICS_IOS_MEMORY_STRONG_SELF_ESCAPING_CLOSURE_AST', message: 'AST heuristic detected strong self capture in an escaping iOS closure; weak or unowned captures remain the preferred baseline when ownership is not explicit.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftCustomSingletonUsage, ruleId: 'heuristics.ios.architecture.custom-singleton.ast', code: 'HEURISTICS_IOS_ARCHITECTURE_CUSTOM_SINGLETON_AST', message: 'AST heuristic detected a custom static shared singleton in iOS production code; dependency injection remains the preferred baseline for app-owned services.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftMassiveViewControllerResponsibilityUsage, ruleId: 'heuristics.ios.architecture.massive-view-controller.ast', code: 'HEURISTICS_IOS_ARCHITECTURE_MASSIVE_VIEW_CONTROLLER_AST', message: 'AST heuristic detected a UIViewController with direct infrastructure/data access; move data access behind application/domain boundaries.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftNonIBOutletImplicitlyUnwrappedOptionalUsage, ruleId: 'heuristics.ios.safety.non-iboutlet-iuo.ast', code: 'HEURISTICS_IOS_SAFETY_NON_IBOUTLET_IUO_AST', message: 'AST heuristic detected an implicitly unwrapped optional outside IBOutlet wiring; explicit optionals or initialization guarantees remain the preferred baseline.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAdHocLoggingUsage, ruleId: 'heuristics.ios.logging.adhoc-print.ast', code: 'HEURISTICS_IOS_LOGGING_ADHOC_PRINT_AST', message: 'AST heuristic detected print/debugPrint/dump/NSLog/os_log usage in iOS production code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveLoggingUsage, ruleId: 'heuristics.ios.logging.sensitive-data.ast', code: 'HEURISTICS_IOS_LOGGING_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data in an iOS logging call.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAlamofireUsage, ruleId: 'heuristics.ios.networking.alamofire.ast', code: 'HEURISTICS_IOS_NETWORKING_ALAMOFIRE_AST', message: 'AST heuristic detected Alamofire usage in iOS production code; URLSession remains the preferred baseline for new code.' },

package/core/rules/presets/heuristics/ios.ts

@@ -238,6 +238,44 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_ARCHITECTURE_CUSTOM_SINGLETON_AST',
     },
   },
+  {
+    id: 'heuristics.ios.architecture.massive-view-controller.ast',
+    description: 'Detects UIViewController classes with direct infrastructure/data access.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.architecture.massive-view-controller.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected a UIViewController with direct infrastructure/data access; move data access behind application/domain boundaries.',
+      code: 'HEURISTICS_IOS_ARCHITECTURE_MASSIVE_VIEW_CONTROLLER_AST',
+    },
+  },
+  {
+    id: 'heuristics.ios.safety.non-iboutlet-iuo.ast',
+    description: 'Detects implicitly unwrapped optionals outside IBOutlet wiring.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.safety.non-iboutlet-iuo.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected an implicitly unwrapped optional outside IBOutlet wiring; explicit optionals or initialization guarantees remain the preferred baseline.',
+      code: 'HEURISTICS_IOS_SAFETY_NON_IBOUTLET_IUO_AST',
+    },
+  },
   {
     id: 'heuristics.ios.logging.adhoc-print.ast',
     description: 'Detects print/debugPrint/dump/NSLog/os_log usage in iOS production code.',

package/integrations/config/skillsDetectorRegistry.ts

@@ -66,6 +66,22 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.architecture.custom-singleton',
     ['heuristics.ios.architecture.custom-singleton.ast']
   ),
+  'skills.ios.guideline.ios.massive-view-controllers-viewcontrollers-que-mezclan-presentacio-n-nav': heuristicDetector(
+    'ios.architecture.massive-view-controller',
+    ['heuristics.ios.architecture.massive-view-controller.ast']
+  ),
+  'skills.ios.guideline.ios.mvc-evitar-massive-view-controller-no-escalable': heuristicDetector(
+    'ios.architecture.massive-view-controller',
+    ['heuristics.ios.architecture.massive-view-controller.ast']
+  ),
+  'skills.ios.guideline.ios.implicitly-unwrapped-solo-para-iboutlets-y-casos-muy-especi-ficos': heuristicDetector(
+    'ios.safety.non-iboutlet-iuo',
+    ['heuristics.ios.safety.non-iboutlet-iuo.ast']
+  ),
+  'skills.ios.guideline.ios.singletons-dificultan-testing': heuristicDetector(
+    'ios.architecture.custom-singleton',
+    ['heuristics.ios.architecture.custom-singleton.ast']
+  ),
   'skills.ios.guideline.ios.prohibido-print-y-logs-ad-hoc': heuristicDetector(
     'ios.logging.adhoc-print',
     ['heuristics.ios.logging.adhoc-print.ast']

package/integrations/config/skillsMarkdownRules.ts

@@ -444,6 +444,23 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.no-singleton-usar-inyeccio-n-de-dependencias-no-compartir-instancias-g';
     }
+    if (
+      includes('massive view controller') ||
+      includes('massive view controllers') ||
+      includes('viewcontrollers que mezclan') ||
+      includes('viewcontroller que mezclan') ||
+      (includes('mvc') && includes('evitar'))
+    ) {
+      return 'skills.ios.guideline.ios.massive-view-controllers-viewcontrollers-que-mezclan-presentacio-n-nav';
+    }
+    if (
+      includes('implicitly unwrapped') ||
+      includes('implicit unwrapped') ||
+      includes('iboutlet') ||
+      includes('iboutlets')
+    ) {
+      return 'skills.ios.guideline.ios.implicitly-unwrapped-solo-para-iboutlets-y-casos-muy-especi-ficos';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.209",
+  "version": "6.3.211",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T12:45:06.608Z",
+  "generatedAt": "2026-05-13T12:56:51.940Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "5c20c168bf6f54010cfac75cce1311a03ed2345ac20eef7b2a4458ad8efd3fc4",
+      "hash": "1395678f8abd2b8eddb9d4270fd205517ed4ce4e3796def5f7846592990ec778",
       "rules": [
         {
           "id": "skills.ios.guideline.ios.accessibility-identifiers-para-localizar-elementos",
@@ -6736,7 +6736,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {
@@ -6957,14 +6957,14 @@
         },
         {
           "id": "skills.ios.guideline.ios.massive-view-controllers-viewcontrollers-que-mezclan-presentacio-n-nav",
-          "description": "Massive View Controllers - ViewControllers que mezclan presentación, navegación, estado, acceso a datos o coordinación de infraestructura",
+          "description": "MVC (evitar) - Massive View Controller, no escalable",
           "severity": "ERROR",
           "platform": "ios",
           "sourceSkill": "ios-guidelines",
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "HIGH",
+          "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {
@@ -6991,18 +6991,6 @@
           "evaluationMode": "DECLARATIVE",
           "origin": "core"
         },
-        {
-          "id": "skills.ios.guideline.ios.mvc-evitar-massive-view-controller-no-escalable",
-          "description": "MVC (evitar) - Massive View Controller, no escalable",
-          "severity": "ERROR",
-          "platform": "ios",
-          "sourceSkill": "ios-guidelines",
-          "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
-          "confidence": "MEDIUM",
-          "locked": true,
-          "evaluationMode": "DECLARATIVE",
-          "origin": "core"
-        },
         {
           "id": "skills.ios.guideline.ios.mvvm-c-coordinator-para-navegacio-n",
           "description": "MVVM-C - + Coordinator para navegación",