pumuki 6.3.267 → 6.3.269

package/VERSION

@@ -1 +1 @@
-v6.3.238
+v6.3.269

package/core/gate/evaluateGate.test.ts

@@ -25,12 +25,14 @@ test('evaluateGate devuelve WARN cuando hay warnings sin bloqueantes', () => {
       severity: 'WARN',
       code: 'RULE_WARN',
       message: 'Warn finding',
+      blocking: false,
     },
     {
       ruleId: 'rule.info',
       severity: 'INFO',
       code: 'RULE_INFO',
       message: 'Info finding',
+      blocking: false,
     },
   ];
 
@@ -42,7 +44,7 @@ test('evaluateGate devuelve WARN cuando hay warnings sin bloqueantes', () => {
   assert.equal(result.warnings[0]?.ruleId, 'rule.warn');
 });
 
-test('evaluateGate devuelve BLOCK cuando existe al menos un finding bloqueante', () => {
+test('evaluateGate devuelve BLOCK para cualquier finding runtime salvo blocking=false', () => {
   const findings: Finding[] = [
     {
       ruleId: 'rule.error',
@@ -62,18 +64,24 @@ test('evaluateGate devuelve BLOCK cuando existe al menos un finding bloqueante',
       code: 'RULE_WARN',
       message: 'Warn finding',
     },
+    {
+      ruleId: 'rule.info.advisory',
+      severity: 'INFO',
+      code: 'RULE_INFO_ADVISORY',
+      message: 'Info advisory finding',
+      blocking: false,
+    },
   ];
 
   const result = evaluateGate(findings, defaultPolicy);
 
   assert.equal(result.outcome, 'BLOCK');
-  assert.equal(result.blocking.length, 2);
+  assert.equal(result.blocking.length, 3);
   assert.deepEqual(
     result.blocking.map((finding) => finding.ruleId),
-    ['rule.error', 'rule.critical']
+    ['rule.error', 'rule.critical', 'rule.warn']
   );
-  assert.equal(result.warnings.length, 1);
-  assert.equal(result.warnings[0]?.ruleId, 'rule.warn');
+  assert.deepEqual(result.warnings, []);
 });
 
 test('evaluateGate bloquea cualquier severidad cuando la policy zero-violations usa INFO', () => {

package/core/gate/evaluateGate.ts

@@ -3,16 +3,16 @@ import type { GateOutcome } from './GateOutcome';
 import type { GatePolicy } from './GatePolicy';
 import { isSeverityAtLeast } from '../rules/Severity';
 
+const isBlockingFinding = (finding: Finding): boolean => finding.blocking !== false;
+
 export function evaluateGate(
   findings: Finding[],
   policy: GatePolicy
 ): { outcome: GateOutcome; blocking: Finding[]; warnings: Finding[] } {
-  const blocking = findings.filter((finding) =>
-    isSeverityAtLeast(finding.severity, policy.blockOnOrAbove)
-  );
+  const blocking = findings.filter(isBlockingFinding);
   const warnings = findings.filter(
     (finding) =>
-      !isSeverityAtLeast(finding.severity, policy.blockOnOrAbove) &&
+      !isBlockingFinding(finding) &&
       isSeverityAtLeast(finding.severity, policy.warnOnOrAbove)
   );
 

package/docs/governance/CONTRIBUTING.md

@@ -89,4 +89,4 @@ npm run test:heuristics
 ## Notes for automation contributors
 
 This repository still contains legacy hooks/scripts for compatibility.
-For framework refactor commits, maintainers may use `--no-verify` to avoid unrelated legacy hook failures.
+Framework refactor commits must run through the managed hooks; bypassing verification is not an accepted maintainer workflow.

package/integrations/config/coreSkillsLock.ts

@@ -20,7 +20,8 @@ export const resolveCoreSkillsLockForPackageRoot = (
     if (compiledLock.bundles.length > 0) {
       return compiledLock;
     }
-  } catch {
+  } catch (error) {
+    void error;
   }
 
   return loadSkillsLock(packageRoot);

package/integrations/config/skillsDetectorRegistry.ts

@@ -427,6 +427,16 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
   'skills.frontend.no-god-classes': heuristicDetector('typescript.god-class', [
     'heuristics.ts.god-class-large-class.ast',
   ]),
+  'skills.ios.guideline.ios.verificar-que-no-viole-solid-srp-ocp-lsp-isp-dip': heuristicDetector(
+    'ios.solid',
+    [
+      'heuristics.ios.solid.srp.presentation-mixed-responsibilities.ast',
+      'heuristics.ios.solid.ocp.discriminator-switch.ast',
+      'heuristics.ios.solid.dip.concrete-framework-dependency.ast',
+      'heuristics.ios.solid.isp.fat-protocol-dependency.ast',
+      'heuristics.ios.solid.lsp.narrowed-precondition.ast',
+    ]
+  ),
   'skills.android.no-thread-sleep': heuristicDetector('android.thread-sleep', [
     'heuristics.android.thread-sleep.ast',
   ]),
@@ -505,6 +515,14 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'heuristics.android.solid.isp.fat-interface-dependency.ast',
     'heuristics.android.solid.lsp.narrowed-precondition.ast',
   ]),
+  'skills.android.guideline.android.verificar-que-no-viole-solid-srp-ocp-lsp-isp-dip':
+    heuristicDetector('android.solid', [
+      'heuristics.android.solid.srp.presentation-mixed-responsibilities.ast',
+      'heuristics.android.solid.ocp.discriminator-branching.ast',
+      'heuristics.android.solid.dip.concrete-framework-dependency.ast',
+      'heuristics.android.solid.isp.fat-interface-dependency.ast',
+      'heuristics.android.solid.lsp.narrowed-precondition.ast',
+    ]),
 };
 
 export const listSkillsDetectorBindings = (): ReadonlyArray<{

package/integrations/config/skillsRuleClassification.ts

@@ -0,0 +1,147 @@
+import type { SkillsCompiledRule, SkillsLockV1 } from './skillsLock';
+import { resolveMappedHeuristicRuleIdsForCompiledRule } from './skillsDetectorRegistry';
+
+export type SkillsRuleClassificationStatus =
+  | 'AST_IMPLEMENTED'
+  | 'IMPLEMENTABLE_AHORA'
+  | 'REQUIERE_ESTUDIO'
+  | 'NO_ES_REGLA_DE_CODIGO';
+
+export type ClassifiedSkillsRule = {
+  ruleId: string;
+  platform: SkillsCompiledRule['platform'];
+  sourceSkill: string;
+  sourcePath: string;
+  evaluationMode: 'AUTO' | 'DECLARATIVE';
+  severity: SkillsCompiledRule['severity'];
+  status: SkillsRuleClassificationStatus;
+  reason: string;
+  astNodeIds: ReadonlyArray<string>;
+};
+
+export type SkillsRuleClassificationSummary = {
+  total: number;
+  byStatus: Record<SkillsRuleClassificationStatus, number>;
+  byPlatform: Record<string, number>;
+  rules: ReadonlyArray<ClassifiedSkillsRule>;
+};
+
+const emptyStatusCounts = (): Record<SkillsRuleClassificationStatus, number> => ({
+  AST_IMPLEMENTED: 0,
+  IMPLEMENTABLE_AHORA: 0,
+  REQUIERE_ESTUDIO: 0,
+  NO_ES_REGLA_DE_CODIGO: 0,
+});
+
+const normalizeText = (value: string): string =>
+  value
+    .normalize('NFD')
+    .replace(/\p{Diacritic}/gu, '')
+    .toLowerCase();
+
+const NON_CODE_RULE_PATTERNS: ReadonlyArray<RegExp> = [
+  /\bactua como\b/,
+  /\bsiempre responder\b/,
+  /\bflujo bdd\b/,
+  /\bfeature files\b/,
+  /\bspecs\b.*\bimplementacion\b/,
+  /\bcomprobar que compile\b/,
+  /\banalizar estructura existente\b/,
+  /\bandroid profiler\b/,
+  /\bxcode instruments\b/,
+  /\bdocumentation\b/,
+  /\bdocumentacion\b/,
+  /\breadme\b/,
+  /\bci\/cd\b/,
+];
+
+const isNonCodeRule = (rule: SkillsCompiledRule): boolean => {
+  const haystack = normalizeText(`${rule.id} ${rule.description} ${rule.sourceSkill}`);
+  return NON_CODE_RULE_PATTERNS.some((pattern) => pattern.test(haystack));
+};
+
+const classifyRule = (rule: SkillsCompiledRule): ClassifiedSkillsRule => {
+  const evaluationMode = rule.evaluationMode ?? 'AUTO';
+  const astNodeIds = resolveMappedHeuristicRuleIdsForCompiledRule(rule);
+
+  if (astNodeIds.length > 0) {
+    return {
+      ruleId: rule.id,
+      platform: rule.platform,
+      sourceSkill: rule.sourceSkill,
+      sourcePath: rule.sourcePath,
+      evaluationMode,
+      severity: rule.severity,
+      status: 'AST_IMPLEMENTED',
+      reason: `Mapped to AST/nodal detector(s): ${astNodeIds.join(', ')}`,
+      astNodeIds,
+    };
+  }
+
+  if (evaluationMode === 'AUTO') {
+    return {
+      ruleId: rule.id,
+      platform: rule.platform,
+      sourceSkill: rule.sourceSkill,
+      sourcePath: rule.sourcePath,
+      evaluationMode,
+      severity: rule.severity,
+      status: 'IMPLEMENTABLE_AHORA',
+      reason: 'AUTO rule without AST/nodal detector binding; implement detector mapping.',
+      astNodeIds,
+    };
+  }
+
+  if (isNonCodeRule(rule)) {
+    return {
+      ruleId: rule.id,
+      platform: rule.platform,
+      sourceSkill: rule.sourceSkill,
+      sourcePath: rule.sourcePath,
+      evaluationMode,
+      severity: rule.severity,
+      status: 'NO_ES_REGLA_DE_CODIGO',
+      reason: 'Process, documentation, validation workflow, or operating rule; keep outside code AST runtime.',
+      astNodeIds,
+    };
+  }
+
+  return {
+    ruleId: rule.id,
+    platform: rule.platform,
+    sourceSkill: rule.sourceSkill,
+    sourcePath: rule.sourcePath,
+    evaluationMode,
+    severity: rule.severity,
+    status: 'REQUIERE_ESTUDIO',
+    reason: 'Declarative skill rule without AST/nodal detector. Study exact code pattern, AST node, and closure criterion.',
+    astNodeIds,
+  };
+};
+
+export const classifySkillsRules = (
+  lock: SkillsLockV1
+): SkillsRuleClassificationSummary => {
+  const rules = lock.bundles
+    .flatMap((bundle) => bundle.rules)
+    .filter((rule) => rule.id.startsWith('skills.'))
+    .map(classifyRule)
+    .sort((left, right) => left.ruleId.localeCompare(right.ruleId));
+
+  const byStatus = emptyStatusCounts();
+  const byPlatform: Record<string, number> = {};
+
+  for (const rule of rules) {
+    byStatus[rule.status] += 1;
+    byPlatform[rule.platform] = (byPlatform[rule.platform] ?? 0) + 1;
+  }
+
+  return {
+    total: rules.length,
+    byStatus,
+    byPlatform: Object.fromEntries(
+      Object.entries(byPlatform).sort(([left], [right]) => left.localeCompare(right))
+    ),
+    rules,
+  };
+};

package/integrations/git/astIntelligenceDualValidation.ts

@@ -188,6 +188,7 @@ const toDualValidationFinding = (params: {
   return {
     ruleId: 'governance.ast-intelligence.dual-validation.shadow',
     severity: 'INFO',
+    blocking: false,
     code: 'AST_INTELLIGENCE_DUAL_VALIDATION_SHADOW',
     message:
       `AST Intelligence dual validation shadow at ${params.stage}: ` +

package/integrations/git/runPlatformGate.ts

@@ -39,6 +39,12 @@ import {
   filterFactsByPathPrefixes,
   resolveGateScopePathPrefixesFromEnv,
 } from './filterFactsByPathPrefixes';
+import {
+  readPreWriteLeaseStatus,
+  toPreWriteEnforcementGapFinding,
+} from '../lifecycle/preWriteLease';
+import { evaluateContextGate, type ContextGateResult } from '../context/contextGate';
+import { emitGateBlockedNotification } from '../notifications/emitAuditSummaryNotification';
 
 export type OperationalMemoryShadowRecommendation = {
   recommendedOutcome: 'ALLOW' | 'WARN' | 'BLOCK';
@@ -73,6 +79,8 @@ export type GateDependencies = {
     stage: 'PRE_COMMIT' | 'PRE_PUSH' | 'CI';
     branch: string | null;
   }) => GateWaiverResult;
+  evaluateContextGate: typeof evaluateContextGate;
+  notifyGateBlocked: typeof emitGateBlockedNotification;
 };
 
 const defaultServices: GateServices = {
@@ -105,20 +113,8 @@ const normalizeScopedRuleEngineFindings = (params: {
   findings: ReadonlyArray<Finding>;
   scope: GateScope;
 }): ReadonlyArray<Finding> => {
-  if (params.scope.kind !== 'staged' && params.scope.kind !== 'range') {
-    return params.findings;
-  }
-
-  return params.findings.filter((finding) => {
-    if (
-      !finding.filePath ||
-      hasActionableFindingLocation(finding) ||
-      (!finding.ruleId.startsWith('skills.') && !finding.ruleId.startsWith('heuristics.'))
-    ) {
-      return true;
-    }
-    return false;
-  });
+  void params.scope;
+  return params.findings;
 };
 
 const buildDefaultMemoryShadowRecommendation = (params: {
@@ -195,6 +191,8 @@ const defaultDependencies: GateDependencies = {
       stage,
       branch,
     }),
+  evaluateContextGate,
+  notifyGateBlocked: emitGateBlockedNotification,
 };
 
 const readSymbolicBranchRef = (git: IGitService, repoRoot: string): string | null => {
@@ -283,6 +281,34 @@ const toSkillsUnsupportedAutoRulesBlockingFinding = (params: {
   };
 };
 
+const toSkillsDeclarativeRulesClassificationFinding = (params: {
+  stage: 'PRE_COMMIT' | 'PRE_PUSH' | 'CI';
+  declarativeRuleIds: ReadonlyArray<string>;
+  facts: ReadonlyArray<Fact>;
+}): Finding | undefined => {
+  if (params.declarativeRuleIds.length === 0) {
+    return undefined;
+  }
+  if (collectObservedCodePathsFromFacts(params.facts).length === 0) {
+    return undefined;
+  }
+
+  const sampleRuleIds = [...params.declarativeRuleIds].sort().slice(0, 12).join(', ');
+
+  return {
+    ruleId: 'governance.skills.declarative-rules.classification-required',
+    severity: 'ERROR',
+    code: 'SKILLS_DECLARATIVE_RULES_CLASSIFICATION_REQUIRED',
+    message:
+      `Skills declarative rules require AST/nodal classification at ${params.stage}: ` +
+      `total=${params.declarativeRuleIds.length} sample_rule_ids=[${sampleRuleIds}]. ` +
+      'Classify every rule as IMPLEMENTABLE_AHORA, REQUIERE_ESTUDIO, or NO_ES_REGLA_DE_CODIGO; code skills cannot remain as hidden declarative/advisory rules.',
+    filePath: 'skills.lock.json',
+    matchedBy: 'SkillsDeclarativeRulesClassificationGuard',
+    source: 'skills-declarative-rules-classification',
+  };
+};
+
 const PLATFORM_SKILLS_RULE_PREFIXES: Record<
   'ios' | 'android' | 'backend' | 'frontend',
   string
@@ -801,9 +827,18 @@ const shouldBlockFromFinding = (finding: Finding | undefined): boolean => {
   if (!finding) {
     return false;
   }
-  return finding.severity === 'ERROR' || finding.severity === 'CRITICAL';
+  return finding.blocking !== false;
 };
 
+const resolvePrimaryBlockingFinding = (
+  findings: ReadonlyArray<Finding>
+): Finding | undefined => (
+  findings.find((finding) => shouldBlockFromFinding(finding) && finding.severity === 'CRITICAL') ??
+  findings.find((finding) => shouldBlockFromFinding(finding) && finding.severity === 'ERROR') ??
+  findings.find((finding) => shouldBlockFromFinding(finding)) ??
+  findings[0]
+);
+
 const applySkillsFindingEnforcement = (
   finding: Finding | undefined
 ): Finding | undefined => {
@@ -817,6 +852,7 @@ const applySkillsFindingEnforcement = (
   return {
     ...finding,
     severity: 'WARN',
+    blocking: false,
   };
 };
 
@@ -825,21 +861,9 @@ const toSoftPreCommitSkillsFinding = (params: {
   enabled: boolean;
   observedCodePaths: ReadonlyArray<string>;
 }): Finding | undefined => {
-  if (!params.finding) {
-    return undefined;
-  }
-  if (!params.enabled || !shouldBlockFromFinding(params.finding)) {
-    return params.finding;
-  }
-  return {
-    ...params.finding,
-    severity: 'WARN',
-    code: `${params.finding.code}_SOFT_PRECOMMIT`,
-    message:
-      `${params.finding.message} ` +
-      `Soft-enforced at PRE_COMMIT for low-risk scope (observed_code_paths=${params.observedCodePaths.length}). ` +
-      'Strict enforcement remains active at PRE_PUSH/CI.',
-  };
+  void params.enabled;
+  void params.observedCodePaths;
+  return params.finding;
 };
 
 export async function runPlatformGate(params: {
@@ -862,6 +886,11 @@ export async function runPlatformGate(params: {
   const repoRoot = git.resolveRepoRoot();
   const auditMode = params.auditMode ?? 'gate';
   const shouldShortCircuitSdd = params.sddShortCircuit ?? false;
+  const contextGate: ContextGateResult = dependencies.evaluateContextGate({
+    repoRoot,
+    stage: params.policy.stage,
+  });
+  const contextBlockingFinding = contextGate.finding;
   let sddDecision:
     | Pick<SddDecision, 'allowed' | 'code' | 'message'>
     | undefined;
@@ -939,6 +968,18 @@ export async function runPlatformGate(params: {
     : facts;
   const filesScanned = countScannedFilesFromFacts(factsForPlatformEvaluation);
   const observedCodePaths = collectObservedCodePathsFromFacts(facts);
+  const preWriteLeaseFinding =
+    params.policy.stage === 'PRE_COMMIT' ||
+    params.policy.stage === 'PRE_PUSH' ||
+    params.policy.stage === 'CI'
+      ? toPreWriteEnforcementGapFinding({
+          stage: params.policy.stage,
+          status: readPreWriteLeaseStatus({
+            repoRoot,
+            git,
+          }),
+        })
+      : undefined;
 
   const platformEvaluation = dependencies.evaluatePlatformGateFindings({
     facts: factsForPlatformEvaluation,
@@ -998,6 +1039,16 @@ export async function runPlatformGate(params: {
         unsupportedAutoRuleIds: skillsRuleSet.unsupportedAutoRuleIds ?? [],
       })
       : undefined;
+  const declarativeRulesClassificationFinding =
+    params.policy.stage === 'PRE_COMMIT' ||
+    params.policy.stage === 'PRE_PUSH' ||
+    params.policy.stage === 'CI'
+      ? toSkillsDeclarativeRulesClassificationFinding({
+          stage: params.policy.stage,
+          declarativeRuleIds: skillsRuleSet.registryCoverage?.declarativeRuleIds ?? [],
+          facts: factsForPlatformEvaluation,
+        })
+      : undefined;
   const effectiveUnsupportedSkillsMappingInput = applySkillsFindingEnforcement(
     unsupportedSkillsMappingFinding
   );
@@ -1184,12 +1235,12 @@ export async function runPlatformGate(params: {
     ? tddBddEvaluation.snapshot
     : undefined;
   const hasTddBddBlockingFinding = tddBddEvaluation.findings.some(
-    (finding) => finding.severity === 'ERROR' || finding.severity === 'CRITICAL'
+    (finding) => shouldBlockFromFinding(finding)
   );
   const hasNativeBlockingFinding = findings.some(
-    (finding) => finding.severity === 'ERROR' || finding.severity === 'CRITICAL'
+    (finding) => shouldBlockFromFinding(finding)
   );
-  const preCommitSoftSkillsEnabled = process.env.PUMUKI_PRE_COMMIT_SOFT_SKILLS !== '0';
+  const preCommitSoftSkillsEnabled = process.env.PUMUKI_PRE_COMMIT_SOFT_SKILLS === '1';
   const lowRiskPreCommitWindow = observedCodePaths.length > 0 && observedCodePaths.length <= 3;
   const shouldSoftEnforceSkillsFindings =
     params.policy.stage === 'PRE_COMMIT'
@@ -1199,6 +1250,7 @@ export async function runPlatformGate(params: {
     && !degradedModeBlocks
     && !shouldBlockFromFinding(policyAsCodeBlockingFinding)
     && !shouldBlockFromFinding(coverageBlockingFinding)
+    && !shouldBlockFromFinding(declarativeRulesClassificationFinding)
     && !shouldBlockFromFinding(activeRulesEmptyForCodeChangesFinding)
     && !shouldBlockFromFinding(effectiveIosTestsQualityFinding)
     && !shouldBlockFromFinding(astIntelligenceDualFinding)
@@ -1226,8 +1278,10 @@ export async function runPlatformGate(params: {
   });
   const effectiveFindings = sddBlockingFinding
     ? [
+      ...(contextBlockingFinding ? [contextBlockingFinding] : []),
       sddBlockingFinding,
       ...(degradedModeFinding ? [degradedModeFinding] : []),
+      ...(preWriteLeaseFinding ? [preWriteLeaseFinding] : []),
       ...(policyAsCodeBlockingFinding ? [policyAsCodeBlockingFinding] : []),
       ...(effectiveUnsupportedSkillsMappingFinding ? [effectiveUnsupportedSkillsMappingFinding] : []),
       ...(effectivePlatformSkillsCoverageFinding ? [effectivePlatformSkillsCoverageFinding] : []),
@@ -1237,6 +1291,7 @@ export async function runPlatformGate(params: {
       ...(effectiveIosTestsQualityFinding ? [effectiveIosTestsQualityFinding] : []),
       ...(astIntelligenceDualFinding ? [astIntelligenceDualFinding] : []),
       ...(coverageBlockingFinding ? [coverageBlockingFinding] : []),
+      ...(declarativeRulesClassificationFinding ? [declarativeRulesClassificationFinding] : []),
       ...brownfieldHotspotFindings,
       ...tddBddEvaluation.findings,
       ...findings,
@@ -1245,16 +1300,21 @@ export async function runPlatformGate(params: {
       || effectivePlatformSkillsCoverageFinding
       || effectiveCrossPlatformCriticalFinding
       || effectiveSkillsScopeComplianceFinding
+      || preWriteLeaseFinding
       || activeRulesEmptyForCodeChangesFinding
       || effectiveIosTestsQualityFinding
       || astIntelligenceDualFinding
       || coverageBlockingFinding
+      || declarativeRulesClassificationFinding
       || brownfieldHotspotFindings.length > 0
       || policyAsCodeBlockingFinding
+      || contextBlockingFinding
       || degradedModeFinding
       || tddBddEvaluation.findings.length > 0
       ? [
+        ...(contextBlockingFinding ? [contextBlockingFinding] : []),
         ...(degradedModeFinding ? [degradedModeFinding] : []),
+        ...(preWriteLeaseFinding ? [preWriteLeaseFinding] : []),
         ...(policyAsCodeBlockingFinding ? [policyAsCodeBlockingFinding] : []),
         ...(effectiveUnsupportedSkillsMappingFinding ? [effectiveUnsupportedSkillsMappingFinding] : []),
         ...(effectivePlatformSkillsCoverageFinding ? [effectivePlatformSkillsCoverageFinding] : []),
@@ -1264,6 +1324,7 @@ export async function runPlatformGate(params: {
         ...(effectiveIosTestsQualityFinding ? [effectiveIosTestsQualityFinding] : []),
         ...(astIntelligenceDualFinding ? [astIntelligenceDualFinding] : []),
         ...(coverageBlockingFinding ? [coverageBlockingFinding] : []),
+        ...(declarativeRulesClassificationFinding ? [declarativeRulesClassificationFinding] : []),
         ...brownfieldHotspotFindings,
         ...tddBddEvaluation.findings,
         ...findings,
@@ -1283,7 +1344,9 @@ export async function runPlatformGate(params: {
   );
   const baseGateOutcome =
     sddBlockingFinding ||
+    shouldBlockFromFinding(contextBlockingFinding) ||
     degradedModeBlocks ||
+    shouldBlockFromFinding(preWriteLeaseFinding) ||
     shouldBlockFromFinding(policyAsCodeBlockingFinding) ||
     shouldBlockFromFinding(effectiveUnsupportedSkillsMappingFinding) ||
     shouldBlockFromFinding(effectivePlatformSkillsCoverageFinding) ||
@@ -1293,6 +1356,7 @@ export async function runPlatformGate(params: {
     shouldBlockFromFinding(effectiveIosTestsQualityFinding) ||
     hasAstIntelligenceBlockingFinding ||
     shouldBlockFromFinding(coverageBlockingFinding) ||
+    shouldBlockFromFinding(declarativeRulesClassificationFinding) ||
     brownfieldHotspotFindings.some((finding) => shouldBlockFromFinding(finding)) ||
     hasTddBddBlockingFinding
       ? 'BLOCK'
@@ -1410,6 +1474,34 @@ export async function runPlatformGate(params: {
   });
 
   if (gateOutcome === 'BLOCK') {
+    const primaryBlockingFinding = resolvePrimaryBlockingFinding(findingsWithWaiver);
+    if (
+      primaryBlockingFinding &&
+      (
+        params.policy.stage === 'PRE_COMMIT' ||
+        params.policy.stage === 'PRE_PUSH' ||
+        params.policy.stage === 'CI'
+      )
+    ) {
+      const notificationResult = dependencies.notifyGateBlocked({
+        repoRoot,
+        stage: params.policy.stage,
+        totalViolations: findingsWithWaiver.length,
+        causeCode: primaryBlockingFinding.code ?? primaryBlockingFinding.ruleId,
+        causeMessage: primaryBlockingFinding.message,
+        remediation:
+          primaryBlockingFinding.expected_fix ??
+          'Corrige la causa bloqueante y reejecuta el gate.',
+      });
+      process.stderr.write(
+        `[pumuki][blocked] code=${primaryBlockingFinding.code ?? primaryBlockingFinding.ruleId} ` +
+        `stage=${params.policy.stage} reason=${primaryBlockingFinding.message}\n`
+      );
+      process.stderr.write(
+        `[pumuki][notification] delivered=${notificationResult.delivered ? 'yes' : 'no'} ` +
+        `reason=${notificationResult.reason}\n`
+      );
+    }
     if (params.silent !== true) {
     dependencies.printGateFindings(findingsWithWaiver);
     }

package/integrations/git/stageRunners.ts

@@ -818,7 +818,7 @@ export async function runPreCommitStage(
     repoRoot,
     stage: 'PRE_COMMIT',
     scope: {
-      kind: 'staged',
+      kind: 'workingTree',
     },
   });
   if (
@@ -898,9 +898,7 @@ export async function runPrePushStage(
         repoRoot,
         stage: 'PRE_PUSH',
         scope: {
-          kind: 'range',
-          fromRef: bootstrapBaseRef,
-          toRef: 'HEAD',
+          kind: 'repoAndStaged',
         },
       });
       if (
@@ -1006,9 +1004,7 @@ export async function runPrePushStage(
     repoRoot,
     stage: 'PRE_PUSH',
     scope: {
-      kind: 'range',
-      fromRef: prePushFromRef,
-      toRef: prePushToRef,
+      kind: 'repoAndStaged',
     },
     sddDecisionOverride: historicalPrePushSddOverride,
   });
@@ -1064,9 +1060,7 @@ export async function runCiStage(
     policy: resolved.policy,
     policyTrace: resolved.trace,
     scope: {
-      kind: 'range',
-      fromRef: ciBaseRef,
-      toRef: 'HEAD',
+      kind: 'repo',
     },
   });
   if (exitCode !== 0) {