npm - pumuki - Versions diffs - 6.3.56 → 6.3.57 - Mend

pumuki 6.3.56 → 6.3.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/VERSION +1 -1
package/core/facts/HeuristicFact.test.ts +28 -0
package/core/facts/HeuristicFact.ts +11 -0
package/core/facts/detectors/text/android.test.ts +207 -0
package/core/facts/detectors/text/android.ts +765 -0
package/core/facts/detectors/text/ios.test.ts +207 -0
package/core/facts/detectors/text/ios.ts +848 -0
package/core/facts/detectors/typescript/index.test.ts +447 -0
package/core/facts/detectors/typescript/index.ts +1214 -54
package/core/facts/extractHeuristicFacts.ts +285 -1
package/core/gate/Finding.test.ts +28 -0
package/core/gate/Finding.ts +12 -0
package/core/gate/evaluateRules.ts +22 -0
package/core/rules/presets/androidRuleSet.test.ts +52 -2
package/core/rules/presets/androidRuleSet.ts +130 -0
package/core/rules/presets/iosEnterpriseRuleSet.test.ts +276 -1
package/core/rules/presets/iosEnterpriseRuleSet.ts +156 -0
package/core/rules/presets/rulePackVersions.test.ts +2 -2
package/core/rules/presets/rulePackVersions.ts +2 -2
package/docs/codex-skills/{windsurf-rules-android.md → android-enterprise-rules.md} +1 -1
package/docs/codex-skills/{windsurf-rules-backend.md → backend-enterprise-rules.md} +1 -1
package/docs/codex-skills/{windsurf-rules-frontend.md → frontend-enterprise-rules.md} +1 -1
package/docs/codex-skills/{windsurf-rules-ios.md → ios-enterprise-rules.md} +1 -1
package/docs/operations/RELEASE_NOTES.md +19 -8
package/docs/rule-packs/engineering-baseline.md +1 -1
package/docs/rule-packs/ios.md +1 -1
package/integrations/config/skillsCustomRules.ts +5 -0
package/integrations/config/skillsRuleSet.ts +5 -1
package/integrations/evidence/buildEvidence.ts +55 -0
package/integrations/evidence/generateEvidence.test.ts +46 -0
package/integrations/evidence/schema.ts +18 -0
package/integrations/evidence/writeEvidence.ts +52 -0
package/integrations/gate/evaluateAiGate.ts +30 -3
package/integrations/git/findingTraceability.ts +15 -0
package/integrations/git/runPlatformGate.ts +56 -3
package/integrations/git/stageRunners.ts +4 -41
package/package.json +1 -1
package/scripts/package-manifest-lib.ts +4 -4
package/scripts/sync-codex-skills.sh +4 -4
package/skills.lock.json +758 -758
package/skills.sources.json +12 -12

package/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- v6.3.56
1	+ v6.3.57

package/core/facts/HeuristicFact.test.ts CHANGED Viewed

@@ -32,3 +32,31 @@ test('HeuristicFact permite omitir filePath', () => {
   assert.equal(factWithoutPath.filePath, undefined);
   assert.equal(factWithoutPath.severity, 'INFO');
 });
+test('HeuristicFact conserva metadata semantica opcional del canario iOS', () => {
+  const fact: HeuristicFact = {
+    kind: 'Heuristic',
+    ruleId: 'heuristics.ios.canary-001.presentation-mixed-responsibilities.ast',
+    severity: 'CRITICAL',
+    code: 'HEURISTICS_IOS_CANARY_001_PRESENTATION_MIXED_RESPONSIBILITIES_AST',
+    message: 'Semantic iOS canary triggered.',
+    filePath: 'apps/ios/Sources/AppShell/Application/AppShellViewModel.swift',
+    lines: [1, 2, 3, 4],
+    primary_node: {
+      kind: 'class',
+      name: 'AppShellViewModel',
+      lines: [1],
+    },
+    related_nodes: [
+      { kind: 'property', name: 'shared singleton', lines: [2] },
+      { kind: 'call', name: 'URLSession.shared', lines: [3] },
+    ],
+    why: 'Mezcla responsabilidades incompatibles.',
+    impact: 'Complica tests y cambios.',
+    expected_fix: 'Extraer collaborators.',
+  };
+  assert.equal(fact.primary_node?.name, 'AppShellViewModel');
+  assert.equal(fact.related_nodes?.length, 2);
+  assert.equal(fact.expected_fix, 'Extraer collaborators.');
+});

package/core/facts/HeuristicFact.ts CHANGED Viewed

@@ -1,5 +1,11 @@
 import type { Severity } from '../rules/Severity';
+export type HeuristicNode = {
+  kind: 'class' | 'property' | 'call' | 'member';
+  name: string;
+  lines?: readonly number[];
+};
 export interface HeuristicFact {
   kind: 'Heuristic';
   ruleId: string;
@@ -8,4 +14,9 @@ export interface HeuristicFact {
   message: string;
   filePath?: string;
   lines?: readonly number[];
+  primary_node?: HeuristicNode;
+  related_nodes?: readonly HeuristicNode[];
+  why?: string;
+  impact?: string;
+  expected_fix?: string;
 }

package/core/facts/detectors/text/android.test.ts CHANGED Viewed

@@ -1,6 +1,11 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
+  findKotlinConcreteDependencyDipMatch,
+  findKotlinInterfaceSegregationMatch,
+  findKotlinLiskovSubstitutionMatch,
+  findKotlinOpenClosedWhenMatch,
+  findKotlinPresentationSrpMatch,
   hasKotlinGlobalScopeUsage,
   hasKotlinRunBlockingUsage,
   hasKotlinThreadSleepCall,
@@ -85,3 +90,205 @@ fun main() {
   assert.equal(hasKotlinRunBlockingUsage(commentedSource), false);
   assert.equal(hasKotlinRunBlockingUsage(partialSource), false);
 });
+test('findKotlinPresentationSrpMatch devuelve payload semantico para SRP-Android en presentation', () => {
+  const source = `
+import android.content.SharedPreferences
+import androidx.lifecycle.ViewModel
+import androidx.navigation.NavController
+import okhttp3.OkHttpClient
+import okhttp3.Request
+class PumukiSrpAndroidCanaryViewModel(
+  private val navController: NavController,
+) : ViewModel() {
+  fun restoreSessionSnapshot() {}
+  suspend fun fetchRemoteCatalog() {
+    val client = OkHttpClient()
+    client.newCall(
+      Request.Builder()
+        .url("https://example.com/catalog.json")
+        .build()
+    )
+  }
+  fun cacheLastStore(preferences: SharedPreferences, storeId: String) {
+    preferences.edit().putString("last-store-id", storeId).apply()
+  }
+  fun openStoreMap() {
+    navController.navigate("store-map")
+  }
+}
+`;
+  const match = findKotlinPresentationSrpMatch(source);
+  assert.ok(match);
+  assert.deepEqual(match.primary_node, {
+    kind: 'class',
+    name: 'PumukiSrpAndroidCanaryViewModel',
+    lines: [8],
+  });
+  assert.deepEqual(match.related_nodes, [
+    { kind: 'member', name: 'session/auth flow', lines: [11] },
+    { kind: 'call', name: 'remote networking', lines: [14] },
+    { kind: 'call', name: 'local persistence', lines: [22] },
+    { kind: 'member', name: 'navigation flow', lines: [27] },
+  ]);
+  assert.match(match.why, /SRP/i);
+  assert.match(match.impact, /múltiples razones de cambio/i);
+  assert.match(match.expected_fix, /casos de uso|coordinadores/i);
+});
+test('findKotlinConcreteDependencyDipMatch devuelve payload semantico para DIP-Android en application', () => {
+  const source = `
+import android.content.SharedPreferences
+import okhttp3.OkHttpClient
+import okhttp3.Request
+class PumukiDipAndroidCanaryUseCase(
+  private val preferences: SharedPreferences,
+) {
+  private val client: OkHttpClient = OkHttpClient()
+  suspend fun execute() {
+    val request = Request.Builder()
+      .url("https://example.com/catalog.json")
+      .build()
+    client.newCall(request)
+    preferences.edit().putLong("last-sync", 1L).apply()
+  }
+}
+`;
+  const match = findKotlinConcreteDependencyDipMatch(source);
+  assert.ok(match);
+  assert.deepEqual(match.primary_node, {
+    kind: 'class',
+    name: 'PumukiDipAndroidCanaryUseCase',
+    lines: [6],
+  });
+  assert.deepEqual(match.related_nodes, [
+    { kind: 'property', name: 'concrete dependency: SharedPreferences', lines: [7] },
+    { kind: 'property', name: 'concrete dependency: OkHttpClient', lines: [9] },
+    { kind: 'call', name: 'OkHttpClient()', lines: [9] },
+  ]);
+  assert.match(match.why, /DIP/i);
+  assert.match(match.impact, /infraestructura|alto nivel|coste de sustituir/i);
+  assert.match(match.expected_fix, /puertos|abstracciones|gateways/i);
+});
+test('findKotlinOpenClosedWhenMatch devuelve payload semantico para OCP-Android en application', () => {
+  const source = `
+enum class PumukiOcpAndroidCanaryChannel {
+  GroceryPickup,
+  HomeDelivery,
+}
+class PumukiOcpAndroidCanaryUseCase {
+  fun resolve(channel: PumukiOcpAndroidCanaryChannel): String {
+    return when (channel) {
+      PumukiOcpAndroidCanaryChannel.GroceryPickup -> "pickup"
+      PumukiOcpAndroidCanaryChannel.HomeDelivery -> "delivery"
+    }
+  }
+}
+`;
+  const match = findKotlinOpenClosedWhenMatch(source);
+  assert.ok(match);
+  assert.deepEqual(match.primary_node, {
+    kind: 'class',
+    name: 'PumukiOcpAndroidCanaryUseCase',
+    lines: [7],
+  });
+  assert.deepEqual(match.related_nodes, [
+    { kind: 'member', name: 'discriminator switch: channel', lines: [9] },
+    { kind: 'member', name: 'branch GroceryPickup', lines: [10] },
+    { kind: 'member', name: 'branch HomeDelivery', lines: [11] },
+  ]);
+  assert.match(match.why, /OCP/i);
+  assert.match(match.impact, /nuevo caso|modificar/i);
+  assert.match(match.expected_fix, /estrategia|interfaz|registry/i);
+});
+test('findKotlinInterfaceSegregationMatch devuelve payload semantico para ISP-Android en application', () => {
+  const source = `
+interface PumukiIspAndroidCanarySessionPort {
+  suspend fun restoreSession()
+  suspend fun persistSessionID(id: String)
+  suspend fun clearSession()
+  suspend fun refreshToken(): String
+}
+class PumukiIspAndroidCanaryUseCase(
+  private val sessionPort: PumukiIspAndroidCanarySessionPort,
+) {
+  suspend fun execute() {
+    sessionPort.restoreSession()
+  }
+}
+`;
+  const match = findKotlinInterfaceSegregationMatch(source);
+  assert.ok(match);
+  assert.deepEqual(match.primary_node, {
+    kind: 'class',
+    name: 'PumukiIspAndroidCanaryUseCase',
+    lines: [9],
+  });
+  assert.deepEqual(match.related_nodes, [
+    { kind: 'member', name: 'fat interface: PumukiIspAndroidCanarySessionPort', lines: [2] },
+    { kind: 'call', name: 'used member: restoreSession', lines: [13] },
+    { kind: 'member', name: 'unused contract member: persistSessionID', lines: [4] },
+    { kind: 'member', name: 'unused contract member: clearSession', lines: [5] },
+  ]);
+  assert.match(match.why, /ISP/i);
+  assert.match(match.impact, /contrato demasiado ancho|cambios ajenos/i);
+  assert.match(match.expected_fix, /interfaces pequeñas|puerto mínimo/i);
+});
+test('findKotlinLiskovSubstitutionMatch devuelve payload semantico para LSP-Android en application', () => {
+  const source = `
+interface PumukiLspAndroidCanaryDiscountPolicy {
+  fun apply(amount: Double): Double
+}
+class PumukiLspAndroidCanaryStandardDiscountPolicy : PumukiLspAndroidCanaryDiscountPolicy {
+  override fun apply(amount: Double): Double {
+    return amount * 0.9
+  }
+}
+class PumukiLspAndroidCanaryPremiumDiscountPolicy : PumukiLspAndroidCanaryDiscountPolicy {
+  override fun apply(amount: Double): Double {
+    require(amount >= 100.0)
+    error("premium-only")
+  }
+}
+`;
+  const match = findKotlinLiskovSubstitutionMatch(source);
+  assert.ok(match);
+  assert.deepEqual(match.primary_node, {
+    kind: 'class',
+    name: 'PumukiLspAndroidCanaryPremiumDiscountPolicy',
+    lines: [12],
+  });
+  assert.deepEqual(match.related_nodes, [
+    { kind: 'member', name: 'base contract: PumukiLspAndroidCanaryDiscountPolicy', lines: [2] },
+    { kind: 'member', name: 'safe substitute: PumukiLspAndroidCanaryStandardDiscountPolicy', lines: [6] },
+    { kind: 'member', name: 'narrowed precondition: apply', lines: [14] },
+    { kind: 'call', name: 'error', lines: [15] },
+  ]);
+  assert.match(match.why, /LSP/i);
+  assert.match(match.impact, /sustituci|regresion|crash/i);
+  assert.match(match.expected_fix, /contrato base|estrategia|subtipo/i);
+});