pumuki 6.3.234 → 6.3.236

package/VERSION

@@ -1 +1 @@
-v6.3.190
+v6.3.236

package/core/facts/detectors/text/ios.test.ts

@@ -25,6 +25,7 @@ import {
   hasSwiftGeometryReaderUsage,
   hasSwiftHardcodedUiStringUsage,
   hasSwiftHardcodedSensitiveStringUsage,
+  hasSwiftUnlocalizedDateFormatterUsage,
   hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage,
   hasSwiftLooseAssetResourceUsage,
   hasSwiftLegacyOnChangeUsage,
@@ -766,6 +767,40 @@ final class Credentials {
   assert.equal(hasSwiftHardcodedSensitiveStringUsage(safe), false);
 });
 
+test('hasSwiftUnlocalizedDateFormatterUsage detecta dateFormat fijo sin locale explicito', () => {
+  const source = `
+final class DatePresenter {
+  func render(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.dateFormat = "yyyy-MM-dd"
+    return formatter.string(from: date)
+  }
+}
+`;
+  const safe = `
+final class DatePresenter {
+  func localized(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.locale = .autoupdatingCurrent
+    formatter.dateFormat = "yyyy-MM-dd"
+    return formatter.string(from: date)
+  }
+
+  func styled(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.dateStyle = .medium
+    return formatter.string(from: date)
+  }
+}
+let sample = "formatter.dateFormat = yyyy"
+// let formatter = DateFormatter()
+// formatter.dateFormat = "yyyy"
+`;
+
+  assert.equal(hasSwiftUnlocalizedDateFormatterUsage(source), true);
+  assert.equal(hasSwiftUnlocalizedDateFormatterUsage(safe), false);
+});
+
 test('detectores iOS de networking y JSON detectan Alamofire y JSONSerialization sin leer comentarios ni strings', () => {
   const source = `
 import Alamofire

package/core/facts/detectors/text/ios.ts

@@ -651,6 +651,37 @@ export const hasSwiftHardcodedSensitiveStringUsage = (source: string): boolean =
   ).length > 0;
 };
 
+export const hasSwiftUnlocalizedDateFormatterUsage = (source: string): boolean => {
+  const sanitizedSource = sanitizeSwiftSourceForMultilineRegex(source);
+  const formatterDeclarations = sanitizedSource.matchAll(
+    /\b(?:let|var)\s+([A-Za-z_][A-Za-z0-9_]*)\s*=\s*DateFormatter\s*\(\s*\)/g
+  );
+
+  for (const match of formatterDeclarations) {
+    const formatterName = match[1];
+    if (!formatterName) {
+      continue;
+    }
+
+    const formatterPattern = escapeRegex(formatterName);
+    const hasFixedDateFormat = new RegExp(`\\b${formatterPattern}\\s*\\.\\s*dateFormat\\s*=`).test(
+      sanitizedSource
+    );
+    if (!hasFixedDateFormat) {
+      continue;
+    }
+
+    const hasExplicitLocale = new RegExp(`\\b${formatterPattern}\\s*\\.\\s*locale\\s*=`).test(
+      sanitizedSource
+    );
+    if (!hasExplicitLocale) {
+      return true;
+    }
+  }
+
+  return false;
+};
+
 export const hasSwiftAlamofireUsage = (source: string): boolean => {
   return (
     collectSwiftRegexLines(source, /^\s*import\s+Alamofire\b/).length > 0 ||

package/core/facts/extractHeuristicFacts.ts

@@ -657,6 +657,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAdHocLoggingUsage, ruleId: 'heuristics.ios.logging.adhoc-print.ast', code: 'HEURISTICS_IOS_LOGGING_ADHOC_PRINT_AST', message: 'AST heuristic detected print/debugPrint/dump/NSLog/os_log usage in iOS production code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveLoggingUsage, ruleId: 'heuristics.ios.logging.sensitive-data.ast', code: 'HEURISTICS_IOS_LOGGING_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data in an iOS logging call.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftHardcodedSensitiveStringUsage, ruleId: 'heuristics.ios.security.hardcoded-sensitive-string.ast', code: 'HEURISTICS_IOS_SECURITY_HARDCODED_SENSITIVE_STRING_AST', message: 'AST heuristic detected hardcoded sensitive Swift string; Keychain, secure config or environment-specific secrets remain the preferred baseline.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftUnlocalizedDateFormatterUsage, ruleId: 'heuristics.ios.localization.unlocalized-dateformatter.ast', code: 'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST', message: 'AST heuristic detected DateFormatter dateFormat usage without an explicit locale.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAlamofireUsage, ruleId: 'heuristics.ios.networking.alamofire.ast', code: 'HEURISTICS_IOS_NETWORKING_ALAMOFIRE_AST', message: 'AST heuristic detected Alamofire usage in iOS production code; URLSession remains the preferred baseline for new code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftJSONSerializationUsage, ruleId: 'heuristics.ios.json.jsonserialization.ast', code: 'HEURISTICS_IOS_JSON_JSONSERIALIZATION_AST', message: 'AST heuristic detected JSONSerialization usage in iOS production code; Codable remains the preferred baseline for new code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveUserDefaultsStorageUsage, ruleId: 'heuristics.ios.security.userdefaults-sensitive-data.ast', code: 'HEURISTICS_IOS_SECURITY_USERDEFAULTS_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data stored in UserDefaults/AppStorage; native Keychain remains the preferred baseline for secrets.' },

package/core/rules/presets/heuristics/ios.test.ts

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { iosRules } from './ios';
 
 test('iosRules define reglas heurísticas locked para plataforma ios', () => {
-  assert.equal(iosRules.length, 58);
+  assert.equal(iosRules.length, 82);
 
   const ids = iosRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -17,8 +17,18 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.dispatchsemaphore.ast',
     'heuristics.ios.operation-queue.ast',
     'heuristics.ios.task-detached.ast',
+    'heuristics.ios.swiftui.onappear-task.ast',
+    'heuristics.ios.memory.strong-delegate.ast',
+    'heuristics.ios.memory.strong-self-escaping-closure.ast',
+    'heuristics.ios.architecture.custom-singleton.ast',
+    'heuristics.ios.architecture.swinject.ast',
+    'heuristics.ios.architecture.massive-view-controller.ast',
+    'heuristics.ios.maintainability.magic-number-layout.ast',
+    'heuristics.ios.safety.non-iboutlet-iuo.ast',
     'heuristics.ios.logging.adhoc-print.ast',
     'heuristics.ios.logging.sensitive-data.ast',
+    'heuristics.ios.security.hardcoded-sensitive-string.ast',
+    'heuristics.ios.localization.unlocalized-dateformatter.ast',
     'heuristics.ios.networking.alamofire.ast',
     'heuristics.ios.json.jsonserialization.ast',
     'heuristics.ios.dependencies.cocoapods.ast',
@@ -38,12 +48,25 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.assume-isolated.ast',
     'heuristics.ios.observable-object.ast',
     'heuristics.ios.legacy-swiftui-observable-wrapper.ast',
+    'heuristics.ios.swiftui.non-private-state-ownership.ast',
     'heuristics.ios.passed-value-state-wrapper.ast',
     'heuristics.ios.foreach-indices.ast',
+    'heuristics.ios.swiftui.foreach-self-identity.ast',
+    'heuristics.ios.swiftui.inline-foreach-transform.ast',
+    'heuristics.ios.swiftui.self-print-changes.ast',
+    'heuristics.ios.swiftui.foreach-conditional-view-count.ast',
     'heuristics.ios.contains-user-filter.ast',
     'heuristics.ios.geometryreader.ast',
     'heuristics.ios.font-weight-bold.ast',
+    'heuristics.ios.swiftui.explicit-color-static-member.ast',
+    'heuristics.ios.swiftui.closure-based-viewbuilder-content.ast',
+    'heuristics.ios.swiftui.redundant-reactive-state-assignment.ast',
+    'heuristics.ios.swiftui.non-lazy-scroll-foreach.ast',
+    'heuristics.ios.swiftui.body-object-creation.ast',
+    'heuristics.ios.swiftui.image-data-decoding.ast',
+    'heuristics.ios.swiftui.inline-action-logic.ast',
     'heuristics.ios.navigation-view.ast',
+    'heuristics.ios.swiftui.untyped-navigation-link-destination.ast',
     'heuristics.ios.foreground-color.ast',
     'heuristics.ios.corner-radius.ast',
     'heuristics.ios.tab-item.ast',
@@ -60,6 +83,7 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.testing.wait-for-expectations.ast',
     'heuristics.ios.testing.legacy-expectation-description.ast',
     'heuristics.ios.testing.mixed-frameworks.ast',
+    'heuristics.ios.testing.quick-nimble.ast',
     'heuristics.ios.core-data.nsmanagedobject-boundary.ast',
     'heuristics.ios.core-data.nsmanagedobject-async-boundary.ast',
     'heuristics.ios.core-data.layer-leak.ast',
@@ -116,6 +140,10 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     byId.get('heuristics.ios.localization.hardcoded-ui-string.ast')?.then.code,
     'HEURISTICS_IOS_LOCALIZATION_HARDCODED_UI_STRING_AST'
   );
+  assert.equal(
+    byId.get('heuristics.ios.localization.unlocalized-dateformatter.ast')?.then.code,
+    'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST'
+  );
   assert.equal(
     byId.get('heuristics.ios.assets.loose-resource.ast')?.then.code,
     'HEURISTICS_IOS_ASSETS_LOOSE_RESOURCE_AST'

package/core/rules/presets/heuristics/ios.ts

@@ -388,6 +388,25 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_SECURITY_HARDCODED_SENSITIVE_STRING_AST',
     },
   },
+  {
+    id: 'heuristics.ios.localization.unlocalized-dateformatter.ast',
+    description: 'Detects DateFormatter fixed date formats without an explicit locale in iOS production code.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.localization.unlocalized-dateformatter.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected DateFormatter dateFormat usage without an explicit locale; localized date formatting remains the preferred baseline.',
+      code: 'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST',
+    },
+  },
   {
     id: 'heuristics.ios.networking.alamofire.ast',
     description: 'Detects Alamofire usage in iOS production code; URLSession is the preferred baseline for new code.',

package/integrations/config/skillsDetectorRegistry.ts

@@ -102,6 +102,10 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.security.hardcoded-sensitive-string',
     ['heuristics.ios.security.hardcoded-sensitive-string.ast']
   ),
+  'skills.ios.guideline.ios.dateformatter-fechas-localizadas': heuristicDetector(
+    'ios.localization.unlocalized-dateformatter',
+    ['heuristics.ios.localization.unlocalized-dateformatter.ast']
+  ),
   'skills.ios.guideline.ios.alamofire-prohibido-usar-urlsession-nativo': heuristicDetector(
     'ios.networking.alamofire',
     ['heuristics.ios.networking.alamofire.ast']

package/integrations/config/skillsMarkdownRules.ts

@@ -588,6 +588,9 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.obfuscation-strings-sensibles-en-co-digo';
     }
+    if (includes('dateformatter') && includes('localiz')) {
+      return 'skills.ios.guideline.ios.dateformatter-fechas-localizadas';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/integrations/git/runPlatformGate.ts

@@ -80,6 +80,61 @@ const defaultServices: GateServices = {
   evidence: new EvidenceService(),
 };
 
+const hasPositiveFindingLine = (lines: Finding['lines']): boolean => {
+  if (typeof lines === 'number') {
+    return Number.isFinite(lines) && lines > 0;
+  }
+  if (typeof lines === 'string') {
+    return lines.trim().length > 0;
+  }
+  if (Array.isArray(lines)) {
+    return lines.some((line) => Number.isFinite(line) && line > 0);
+  }
+  return false;
+};
+
+const hasActionableFindingLocation = (finding: Finding): boolean => {
+  return (
+    hasPositiveFindingLine(finding.lines) ||
+    finding.primary_node !== undefined ||
+    (finding.related_nodes?.length ?? 0) > 0
+  );
+};
+
+const toNonActionableScopedAdvisoryFinding = (finding: Finding): Finding => ({
+  ...finding,
+  blocking: false,
+  message:
+    `${finding.message} ` +
+    '(Advisory: Pumuki no pudo atribuir este hallazgo a una linea, rango o nodo accionable en el scope actual.)',
+  why:
+    finding.why ??
+    'El gate esta limitado a un scope acotado y este finding solo pudo atribuirse al archivo completo.',
+  expected_fix:
+    finding.expected_fix ??
+    'Reintentar cuando el detector aporte lineas, rango, simbolo o nodo; mientras tanto no bloquea el slice acotado.',
+});
+
+const normalizeScopedRuleEngineFindings = (params: {
+  findings: ReadonlyArray<Finding>;
+  scope: GateScope;
+}): ReadonlyArray<Finding> => {
+  if (params.scope.kind !== 'staged' && params.scope.kind !== 'range') {
+    return params.findings;
+  }
+
+  return params.findings.map((finding) => {
+    if (
+      !finding.filePath ||
+      hasActionableFindingLocation(finding) ||
+      (!finding.ruleId.startsWith('skills.') && !finding.ruleId.startsWith('heuristics.'))
+    ) {
+      return finding;
+    }
+    return toNonActionableScopedAdvisoryFinding(finding);
+  });
+};
+
 const buildDefaultMemoryShadowRecommendation = (params: {
   findings: ReadonlyArray<Finding>;
   tddBddSnapshot?: TddBddSnapshot;
@@ -960,7 +1015,11 @@ export async function runPlatformGate(params: {
     evaluationFacts = factsForPlatformEvaluation,
     findings: ruleEngineFindings,
   } = platformEvaluation;
-  const findings = [...aiGateRepoPolicyFindings, ...ruleEngineFindings];
+  const scopedRuleEngineFindings = normalizeScopedRuleEngineFindings({
+    findings: ruleEngineFindings,
+    scope: params.scope,
+  });
+  const findings = [...aiGateRepoPolicyFindings, ...scopedRuleEngineFindings];
   const evaluationMetrics: SnapshotEvaluationMetrics = coverage
     ? {
       facts_total: coverage.factsTotal,
@@ -1270,7 +1329,15 @@ export async function runPlatformGate(params: {
         ? [...brownfieldHotspotFindings, ...findings]
         : findings;
   const hasAstIntelligenceBlockingFinding = shouldBlockFromFinding(astIntelligenceDualFinding);
-  const decision = dependencies.evaluateGate([...effectiveFindings], params.policy);
+  const gateDecisionFindings = effectiveFindings.filter((finding) => finding.blocking !== false);
+  const decision = dependencies.evaluateGate([...gateDecisionFindings], params.policy);
+  const hasNonBlockingAdvisoryFinding = effectiveFindings.some(
+    (finding) =>
+      finding.blocking === false &&
+      (finding.severity === 'WARN' ||
+        finding.severity === 'ERROR' ||
+        finding.severity === 'CRITICAL')
+  );
   const baseGateOutcome =
     sddBlockingFinding ||
     degradedModeBlocks ||
@@ -1286,7 +1353,8 @@ export async function runPlatformGate(params: {
     brownfieldHotspotFindings.some((finding) => shouldBlockFromFinding(finding)) ||
     hasTddBddBlockingFinding
       ? 'BLOCK'
-      : (decision.outcome === 'PASS' && tddBddSnapshot?.status === 'advisory'
+      : (decision.outcome === 'PASS' &&
+          (tddBddSnapshot?.status === 'advisory' || hasNonBlockingAdvisoryFinding)
           ? 'WARN'
           : decision.outcome);
   const gateWaiverStage =

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.234",
+  "version": "6.3.236",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T16:57:01.364Z",
+  "generatedAt": "2026-05-13T18:33:35.600Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "a70065766533e822f2139da42d7933b6f240634c93939ee60969e3fd009409ce",
+      "hash": "d787ee4a7d258686f6053ba89c5eff680d6d991ff54e590dd49b7aaa9a7e39f9",
       "rules": [
         {
           "id": "skills.ios.guideline.ios-swiftui-expert.use-navigationdestination-for-for-type-safe-navigation",
@@ -6315,7 +6315,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {