pumuki 6.3.235 → 6.3.237

package/VERSION

@@ -1 +1 @@
-v6.3.190
+v6.3.237

package/core/facts/detectors/text/ios.test.ts

@@ -25,6 +25,7 @@ import {
   hasSwiftGeometryReaderUsage,
   hasSwiftHardcodedUiStringUsage,
   hasSwiftHardcodedSensitiveStringUsage,
+  hasSwiftUnlocalizedDateFormatterUsage,
   hasSwiftIconOnlyControlWithoutAccessibilityLabelUsage,
   hasSwiftLooseAssetResourceUsage,
   hasSwiftLegacyOnChangeUsage,
@@ -766,6 +767,40 @@ final class Credentials {
   assert.equal(hasSwiftHardcodedSensitiveStringUsage(safe), false);
 });
 
+test('hasSwiftUnlocalizedDateFormatterUsage detecta dateFormat fijo sin locale explicito', () => {
+  const source = `
+final class DatePresenter {
+  func render(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.dateFormat = "yyyy-MM-dd"
+    return formatter.string(from: date)
+  }
+}
+`;
+  const safe = `
+final class DatePresenter {
+  func localized(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.locale = .autoupdatingCurrent
+    formatter.dateFormat = "yyyy-MM-dd"
+    return formatter.string(from: date)
+  }
+
+  func styled(date: Date) -> String {
+    let formatter = DateFormatter()
+    formatter.dateStyle = .medium
+    return formatter.string(from: date)
+  }
+}
+let sample = "formatter.dateFormat = yyyy"
+// let formatter = DateFormatter()
+// formatter.dateFormat = "yyyy"
+`;
+
+  assert.equal(hasSwiftUnlocalizedDateFormatterUsage(source), true);
+  assert.equal(hasSwiftUnlocalizedDateFormatterUsage(safe), false);
+});
+
 test('detectores iOS de networking y JSON detectan Alamofire y JSONSerialization sin leer comentarios ni strings', () => {
   const source = `
 import Alamofire

package/core/facts/detectors/text/ios.ts

@@ -651,6 +651,37 @@ export const hasSwiftHardcodedSensitiveStringUsage = (source: string): boolean =
   ).length > 0;
 };
 
+export const hasSwiftUnlocalizedDateFormatterUsage = (source: string): boolean => {
+  const sanitizedSource = sanitizeSwiftSourceForMultilineRegex(source);
+  const formatterDeclarations = sanitizedSource.matchAll(
+    /\b(?:let|var)\s+([A-Za-z_][A-Za-z0-9_]*)\s*=\s*DateFormatter\s*\(\s*\)/g
+  );
+
+  for (const match of formatterDeclarations) {
+    const formatterName = match[1];
+    if (!formatterName) {
+      continue;
+    }
+
+    const formatterPattern = escapeRegex(formatterName);
+    const hasFixedDateFormat = new RegExp(`\\b${formatterPattern}\\s*\\.\\s*dateFormat\\s*=`).test(
+      sanitizedSource
+    );
+    if (!hasFixedDateFormat) {
+      continue;
+    }
+
+    const hasExplicitLocale = new RegExp(`\\b${formatterPattern}\\s*\\.\\s*locale\\s*=`).test(
+      sanitizedSource
+    );
+    if (!hasExplicitLocale) {
+      return true;
+    }
+  }
+
+  return false;
+};
+
 export const hasSwiftAlamofireUsage = (source: string): boolean => {
   return (
     collectSwiftRegexLines(source, /^\s*import\s+Alamofire\b/).length > 0 ||

package/core/facts/extractHeuristicFacts.ts

@@ -657,6 +657,7 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAdHocLoggingUsage, ruleId: 'heuristics.ios.logging.adhoc-print.ast', code: 'HEURISTICS_IOS_LOGGING_ADHOC_PRINT_AST', message: 'AST heuristic detected print/debugPrint/dump/NSLog/os_log usage in iOS production code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveLoggingUsage, ruleId: 'heuristics.ios.logging.sensitive-data.ast', code: 'HEURISTICS_IOS_LOGGING_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data in an iOS logging call.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftHardcodedSensitiveStringUsage, ruleId: 'heuristics.ios.security.hardcoded-sensitive-string.ast', code: 'HEURISTICS_IOS_SECURITY_HARDCODED_SENSITIVE_STRING_AST', message: 'AST heuristic detected hardcoded sensitive Swift string; Keychain, secure config or environment-specific secrets remain the preferred baseline.' },
+  { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftUnlocalizedDateFormatterUsage, ruleId: 'heuristics.ios.localization.unlocalized-dateformatter.ast', code: 'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST', message: 'AST heuristic detected DateFormatter dateFormat usage without an explicit locale.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftAlamofireUsage, ruleId: 'heuristics.ios.networking.alamofire.ast', code: 'HEURISTICS_IOS_NETWORKING_ALAMOFIRE_AST', message: 'AST heuristic detected Alamofire usage in iOS production code; URLSession remains the preferred baseline for new code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftJSONSerializationUsage, ruleId: 'heuristics.ios.json.jsonserialization.ast', code: 'HEURISTICS_IOS_JSON_JSONSERIALIZATION_AST', message: 'AST heuristic detected JSONSerialization usage in iOS production code; Codable remains the preferred baseline for new code.' },
   { platform: 'ios', pathCheck: isIOSSwiftPath, excludePaths: [isSwiftTestPath], detect: TextIOS.hasSwiftSensitiveUserDefaultsStorageUsage, ruleId: 'heuristics.ios.security.userdefaults-sensitive-data.ast', code: 'HEURISTICS_IOS_SECURITY_USERDEFAULTS_SENSITIVE_DATA_AST', message: 'AST heuristic detected sensitive data stored in UserDefaults/AppStorage; native Keychain remains the preferred baseline for secrets.' },

package/core/rules/presets/heuristics/ios.test.ts

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { iosRules } from './ios';
 
 test('iosRules define reglas heurísticas locked para plataforma ios', () => {
-  assert.equal(iosRules.length, 58);
+  assert.equal(iosRules.length, 82);
 
   const ids = iosRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -17,8 +17,18 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.dispatchsemaphore.ast',
     'heuristics.ios.operation-queue.ast',
     'heuristics.ios.task-detached.ast',
+    'heuristics.ios.swiftui.onappear-task.ast',
+    'heuristics.ios.memory.strong-delegate.ast',
+    'heuristics.ios.memory.strong-self-escaping-closure.ast',
+    'heuristics.ios.architecture.custom-singleton.ast',
+    'heuristics.ios.architecture.swinject.ast',
+    'heuristics.ios.architecture.massive-view-controller.ast',
+    'heuristics.ios.maintainability.magic-number-layout.ast',
+    'heuristics.ios.safety.non-iboutlet-iuo.ast',
     'heuristics.ios.logging.adhoc-print.ast',
     'heuristics.ios.logging.sensitive-data.ast',
+    'heuristics.ios.security.hardcoded-sensitive-string.ast',
+    'heuristics.ios.localization.unlocalized-dateformatter.ast',
     'heuristics.ios.networking.alamofire.ast',
     'heuristics.ios.json.jsonserialization.ast',
     'heuristics.ios.dependencies.cocoapods.ast',
@@ -38,12 +48,25 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.assume-isolated.ast',
     'heuristics.ios.observable-object.ast',
     'heuristics.ios.legacy-swiftui-observable-wrapper.ast',
+    'heuristics.ios.swiftui.non-private-state-ownership.ast',
     'heuristics.ios.passed-value-state-wrapper.ast',
     'heuristics.ios.foreach-indices.ast',
+    'heuristics.ios.swiftui.foreach-self-identity.ast',
+    'heuristics.ios.swiftui.inline-foreach-transform.ast',
+    'heuristics.ios.swiftui.self-print-changes.ast',
+    'heuristics.ios.swiftui.foreach-conditional-view-count.ast',
     'heuristics.ios.contains-user-filter.ast',
     'heuristics.ios.geometryreader.ast',
     'heuristics.ios.font-weight-bold.ast',
+    'heuristics.ios.swiftui.explicit-color-static-member.ast',
+    'heuristics.ios.swiftui.closure-based-viewbuilder-content.ast',
+    'heuristics.ios.swiftui.redundant-reactive-state-assignment.ast',
+    'heuristics.ios.swiftui.non-lazy-scroll-foreach.ast',
+    'heuristics.ios.swiftui.body-object-creation.ast',
+    'heuristics.ios.swiftui.image-data-decoding.ast',
+    'heuristics.ios.swiftui.inline-action-logic.ast',
     'heuristics.ios.navigation-view.ast',
+    'heuristics.ios.swiftui.untyped-navigation-link-destination.ast',
     'heuristics.ios.foreground-color.ast',
     'heuristics.ios.corner-radius.ast',
     'heuristics.ios.tab-item.ast',
@@ -60,6 +83,7 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     'heuristics.ios.testing.wait-for-expectations.ast',
     'heuristics.ios.testing.legacy-expectation-description.ast',
     'heuristics.ios.testing.mixed-frameworks.ast',
+    'heuristics.ios.testing.quick-nimble.ast',
     'heuristics.ios.core-data.nsmanagedobject-boundary.ast',
     'heuristics.ios.core-data.nsmanagedobject-async-boundary.ast',
     'heuristics.ios.core-data.layer-leak.ast',
@@ -116,6 +140,10 @@ test('iosRules define reglas heurísticas locked para plataforma ios', () => {
     byId.get('heuristics.ios.localization.hardcoded-ui-string.ast')?.then.code,
     'HEURISTICS_IOS_LOCALIZATION_HARDCODED_UI_STRING_AST'
   );
+  assert.equal(
+    byId.get('heuristics.ios.localization.unlocalized-dateformatter.ast')?.then.code,
+    'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST'
+  );
   assert.equal(
     byId.get('heuristics.ios.assets.loose-resource.ast')?.then.code,
     'HEURISTICS_IOS_ASSETS_LOOSE_RESOURCE_AST'

package/core/rules/presets/heuristics/ios.ts

@@ -388,6 +388,25 @@ export const iosRules: RuleSet = [
       code: 'HEURISTICS_IOS_SECURITY_HARDCODED_SENSITIVE_STRING_AST',
     },
   },
+  {
+    id: 'heuristics.ios.localization.unlocalized-dateformatter.ast',
+    description: 'Detects DateFormatter fixed date formats without an explicit locale in iOS production code.',
+    severity: 'WARN',
+    platform: 'ios',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.ios.localization.unlocalized-dateformatter.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected DateFormatter dateFormat usage without an explicit locale; localized date formatting remains the preferred baseline.',
+      code: 'HEURISTICS_IOS_LOCALIZATION_UNLOCALIZED_DATEFORMATTER_AST',
+    },
+  },
   {
     id: 'heuristics.ios.networking.alamofire.ast',
     description: 'Detects Alamofire usage in iOS production code; URLSession is the preferred baseline for new code.',

package/integrations/config/skillsDetectorRegistry.ts

@@ -102,6 +102,10 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'ios.security.hardcoded-sensitive-string',
     ['heuristics.ios.security.hardcoded-sensitive-string.ast']
   ),
+  'skills.ios.guideline.ios.dateformatter-fechas-localizadas': heuristicDetector(
+    'ios.localization.unlocalized-dateformatter',
+    ['heuristics.ios.localization.unlocalized-dateformatter.ast']
+  ),
   'skills.ios.guideline.ios.alamofire-prohibido-usar-urlsession-nativo': heuristicDetector(
     'ios.networking.alamofire',
     ['heuristics.ios.networking.alamofire.ast']

package/integrations/config/skillsMarkdownRules.ts

@@ -588,6 +588,9 @@ const normalizeKnownRuleTarget = (
     ) {
       return 'skills.ios.guideline.ios.obfuscation-strings-sensibles-en-co-digo';
     }
+    if (includes('dateformatter') && includes('localiz')) {
+      return 'skills.ios.guideline.ios.dateformatter-fechas-localizadas';
+    }
     if (
       includes('mixing legacy xctest style') ||
       includes('mixed xctest and swift testing') ||

package/integrations/lifecycle/cli.ts

@@ -1989,6 +1989,11 @@ export const buildPreWriteValidationPanel = (params: {
 }): string => {
   const git = params.aiGate.repo_state.git;
   const receipt = params.aiGate.mcp_receipt;
+  const blockingViolations = params.aiGate.violations.filter((violation) => violation.severity === 'ERROR');
+  const nonBlockingViolations = params.aiGate.violations.filter((violation) => violation.severity !== 'ERROR');
+  const rawSkillsContractStatus = params.aiGate.skills_contract?.status ?? 'n/a';
+  const visibleSkillsContractStatus =
+    rawSkillsContractStatus === 'FAIL' && params.aiGate.allowed ? 'ADVISORY' : rawSkillsContractStatus;
   const lines: string[] = [
     'PRE-FLIGHT CHECK',
     `Stage: ${params.sdd.stage} · SDD: ${params.sdd.decision.code} · AI Gate: ${params.aiGate.status}`,
@@ -1997,9 +2002,9 @@ export const buildPreWriteValidationPanel = (params: {
     `Evidence: kind=${params.aiGate.evidence.kind} age=${params.aiGate.evidence.age_seconds ?? 'n/a'}s max=${params.aiGate.evidence.max_age_seconds}s`,
     `Evidence source: source=${params.aiGate.evidence.source.source} path=${params.aiGate.evidence.source.path} digest=${params.aiGate.evidence.source.digest ?? 'null'} generated_at=${params.aiGate.evidence.source.generated_at ?? 'null'}`,
     `MCP receipt: required=${receipt.required ? 'yes' : 'no'} kind=${receipt.kind} age=${receipt.age_seconds ?? 'n/a'}s max=${receipt.max_age_seconds ?? 'n/a'}s`,
-    `Skills contract: enforced=${params.aiGate.skills_contract?.enforced ? 'yes' : 'no'} status=${params.aiGate.skills_contract?.status ?? 'n/a'} platforms=${params.aiGate.skills_contract?.detected_platforms.join(',') ?? 'none'}`,
+    `Skills contract: enforced=${params.aiGate.skills_contract?.enforced ? 'yes' : 'no'} status=${visibleSkillsContractStatus} platforms=${params.aiGate.skills_contract?.detected_platforms.join(',') ?? 'none'}`,
     `Auto-heal: attempted=${params.automation.attempted ? 'yes' : 'no'} actions=${params.automation.actions.length}`,
-    `Violations: ${params.aiGate.violations.length}`,
+    `Violations: blocking=${blockingViolations.length} advisory=${nonBlockingViolations.length}`,
   ];
 
   if (params.automation.actions.length > 0) {
@@ -2010,15 +2015,15 @@ export const buildPreWriteValidationPanel = (params: {
     }
   }
 
-  if (params.aiGate.violations.length > 0) {
+  if (blockingViolations.length > 0) {
     lines.push('');
     lines.push('Blocking causes:');
-    for (const violation of params.aiGate.violations) {
+    for (const violation of blockingViolations) {
       lines.push(`- ${violation.code}: ${violation.message}`);
     }
     lines.push('');
     lines.push('Operational hints:');
-    for (const violation of params.aiGate.violations) {
+    for (const violation of blockingViolations) {
       const hint = PRE_WRITE_HINTS_BY_CODE[violation.code];
       if (!hint) {
         continue;
@@ -2027,6 +2032,14 @@ export const buildPreWriteValidationPanel = (params: {
     }
   }
 
+  if (nonBlockingViolations.length > 0) {
+    lines.push('');
+    lines.push('Advisory findings:');
+    for (const violation of nonBlockingViolations) {
+      lines.push(`- ${violation.code}: ${violation.message}`);
+    }
+  }
+
   return renderPreWritePanel(lines);
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.235",
+  "version": "6.3.237",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-13T16:57:01.364Z",
+  "generatedAt": "2026-05-13T18:33:35.600Z",
   "bundles": [
     {
       "name": "android-guidelines",
@@ -5764,7 +5764,7 @@
       "name": "ios-guidelines",
       "version": "1.0.0",
       "source": "file:vendor/skills/ios-enterprise-rules/SKILL.md",
-      "hash": "a70065766533e822f2139da42d7933b6f240634c93939ee60969e3fd009409ce",
+      "hash": "d787ee4a7d258686f6053ba89c5eff680d6d991ff54e590dd49b7aaa9a7e39f9",
       "rules": [
         {
           "id": "skills.ios.guideline.ios-swiftui-expert.use-navigationdestination-for-for-type-safe-navigation",
@@ -6315,7 +6315,7 @@
           "sourcePath": "vendor/skills/ios-enterprise-rules/SKILL.md",
           "confidence": "MEDIUM",
           "locked": true,
-          "evaluationMode": "DECLARATIVE",
+          "evaluationMode": "AUTO",
           "origin": "core"
         },
         {