pumuki 6.3.72 → 6.3.75

package/integrations/mcp/aiGateCheck.ts

@@ -2,9 +2,17 @@ import { evaluateAiGate, type AiGateStage } from '../gate/evaluateAiGate';
 import { resolveRemediationHintForViolationCode } from '../gate/remediationCatalog';
 import { resolveLearningContextExperimentalFeature } from '../policy/experimentalFeatures';
 import { readSddLearningContext, type SddLearningContext } from '../sdd/learningInsights';
+import { runMcpAlignedPlatformGate } from './alignedPlatformGate';
 
 const PROTECTED_BRANCHES = new Set(['main', 'master', 'develop', 'dev']);
 
+type PlatformGateAlignment = {
+  mode: 'full' | 'policy';
+  exit_code: number;
+  aligned: boolean;
+  skip_reason: string | null;
+};
+
 export type EnterpriseAiGateCheckResult = {
   tool: 'ai_gate_check';
   dryRun: true;
@@ -31,6 +39,7 @@ export type EnterpriseAiGateCheckResult = {
       reason_code: 'HOOK_RUNNER_CAN_REFRESH_EVIDENCE' | null;
       message: string;
     };
+    platform_gate_alignment?: PlatformGateAlignment;
   };
 };
 
@@ -41,23 +50,18 @@ const isHookRefreshableEvidenceCode = (code: string): boolean =>
 
 type AiGateCheckDependencies = {
   evaluateAiGate: typeof evaluateAiGate;
+  runMcpAlignedPlatformGate: typeof runMcpAlignedPlatformGate;
 };
 
 const defaultDependencies: AiGateCheckDependencies = {
   evaluateAiGate,
+  runMcpAlignedPlatformGate,
 };
 
 const buildConsistencyHint = (
-  evaluation: ReturnType<typeof evaluateAiGate>
+  evaluation: ReturnType<typeof evaluateAiGate>,
+  platform?: { exitCode: number; aligned: boolean; skipReason: string | null }
 ): EnterpriseAiGateCheckResult['result']['consistency_hint'] => {
-  if (!HOOK_STAGE_SET.has(evaluation.stage)) {
-    return {
-      comparable_with_hook_runner: true,
-      reason_code: null,
-      message: 'Stage is directly comparable with ai_gate_check semantics.',
-    };
-  }
-
   const hasRefreshableEvidenceViolation = evaluation.violations.some((violation) =>
     isHookRefreshableEvidenceCode(violation.code)
   );
@@ -72,6 +76,24 @@ const buildConsistencyHint = (
     };
   }
 
+  if (platform?.aligned) {
+    return {
+      comparable_with_hook_runner: true,
+      reason_code: null,
+      message:
+        `ai_gate_check ejecutó runPlatformGate después de leer la evidencia actual (exit_code=${platform.exitCode}); ` +
+        'alineación hook-like habilitada explícitamente para este stage.',
+    };
+  }
+
+  if (!HOOK_STAGE_SET.has(evaluation.stage)) {
+    return {
+      comparable_with_hook_runner: true,
+      reason_code: null,
+      message: 'Stage is directly comparable with ai_gate_check semantics.',
+    };
+  }
+
   return {
     comparable_with_hook_runner: true,
     reason_code: null,
@@ -118,7 +140,14 @@ const buildAutoFixes = (
   return fixes;
 };
 
-const buildMessage = (evaluation: ReturnType<typeof evaluateAiGate>): string => {
+const buildMessage = (
+  evaluation: ReturnType<typeof evaluateAiGate>,
+  platform?: { exitCode: number; skipReason: string | null }
+): string => {
+  if (platform && platform.exitCode !== 0) {
+    const suffix = platform.skipReason ? ` (${platform.skipReason})` : '';
+    return `🔴 runPlatformGate exit_code=${platform.exitCode}${suffix}.`;
+  }
   if (evaluation.allowed) {
     return `✅ Gate ${evaluation.stage} ALLOWED.`;
   }
@@ -129,6 +158,26 @@ const buildMessage = (evaluation: ReturnType<typeof evaluateAiGate>): string =>
   return `🔴 ${firstViolation.code}: ${firstViolation.message}`;
 };
 
+const resolveAiGateCheckMode = (): PlatformGateAlignment['mode'] => {
+  const raw = process.env.PUMUKI_MCP_AI_GATE_CHECK_MODE?.trim().toLowerCase();
+  return raw === 'full' || raw === 'aligned' ? 'full' : 'policy';
+};
+
+const toPlatformGateAlignment = (
+  mode: PlatformGateAlignment['mode'],
+  platform?: { exitCode: number; aligned: boolean; skipReason: string | null }
+): PlatformGateAlignment | undefined => {
+  if (mode !== 'full' || !platform) {
+    return undefined;
+  }
+  return {
+    mode,
+    exit_code: platform.exitCode,
+    aligned: platform.aligned,
+    skip_reason: platform.skipReason,
+  };
+};
+
 export const runEnterpriseAiGateCheck = (params: {
   repoRoot: string;
   stage: AiGateStage;
@@ -180,3 +229,84 @@ export const runEnterpriseAiGateCheck = (params: {
     },
   };
 };
+
+export const runEnterpriseAiGateCheckAsync = async (params: {
+  repoRoot: string;
+  stage: AiGateStage;
+  requireMcpReceipt?: boolean;
+}, dependencies: Partial<AiGateCheckDependencies> = {}): Promise<EnterpriseAiGateCheckResult> => {
+  const mode = resolveAiGateCheckMode();
+  const activeDependencies: AiGateCheckDependencies = {
+    ...defaultDependencies,
+    ...dependencies,
+  };
+  const evaluation = activeDependencies.evaluateAiGate({
+    repoRoot: params.repoRoot,
+    stage: params.stage,
+    requireMcpReceipt: params.requireMcpReceipt ?? false,
+  });
+
+  let platform:
+    | { exitCode: number; aligned: boolean; skipReason: string | null }
+    | undefined;
+  if (mode === 'full') {
+    platform = await activeDependencies.runMcpAlignedPlatformGate({
+      repoRoot: params.repoRoot,
+      stage: params.stage,
+    });
+  }
+
+  const platformBlocks = Boolean(platform && platform.exitCode !== 0);
+  const allowed = evaluation.allowed && !platformBlocks;
+  const status: 'ALLOWED' | 'BLOCKED' = allowed ? 'ALLOWED' : 'BLOCKED';
+  const violations = platformBlocks && platform
+    ? [
+      ...evaluation.violations,
+      {
+        code: 'PLATFORM_GATE_EXIT_NON_ZERO',
+        message:
+          `runPlatformGate devolvió exit_code=${platform.exitCode}` +
+          (platform.skipReason ? ` (${platform.skipReason})` : ''),
+        severity: 'ERROR' as const,
+      },
+    ]
+    : evaluation.violations;
+  const branch = evaluation.repo_state.git.branch;
+  const timestamp = evaluation.evidence.source.generated_at;
+  const learningContextFeature = resolveLearningContextExperimentalFeature();
+  const learningContext = learningContextFeature.mode === 'off'
+    ? null
+    : readSddLearningContext({
+      repoRoot: params.repoRoot,
+    });
+  const evaluationForHints = { ...evaluation, allowed, status, violations };
+  const warnings = buildWarnings(evaluationForHints);
+  const autoFixes = buildAutoFixes(evaluationForHints, learningContext);
+  const message = buildMessage(evaluationForHints, platform);
+
+  return {
+    tool: 'ai_gate_check',
+    dryRun: true,
+    executed: true,
+    success: allowed,
+    result: {
+      allowed,
+      status,
+      timestamp,
+      branch,
+      message,
+      stage: evaluation.stage,
+      policy: evaluation.policy,
+      violations,
+      warnings,
+      auto_fixes: autoFixes,
+      learning_context: learningContext,
+      evidence: evaluation.evidence,
+      mcp_receipt: evaluation.mcp_receipt,
+      skills_contract: evaluation.skills_contract,
+      repo_state: evaluation.repo_state,
+      consistency_hint: buildConsistencyHint(evaluationForHints, platform),
+      platform_gate_alignment: toPlatformGateAlignment(mode, platform),
+    },
+  };
+};

package/integrations/mcp/alignedPlatformGate.ts

@@ -0,0 +1,232 @@
+import type { AiGateStage } from '../gate/evaluateAiGate';
+import { resolvePolicyForStage } from '../gate/stagePolicies';
+import type { SddDecision } from '../sdd';
+import { GitService } from '../git/GitService';
+import { runPlatformGate } from '../git/runPlatformGate';
+import type { GateScope } from '../git/runPlatformGateFacts';
+import { readMcpPrePushStdin } from './readMcpPrePushStdin';
+
+const ZERO_HASH = /^0+$/;
+
+const runGit = (repoRoot: string, args: ReadonlyArray<string>): string | null => {
+  try {
+    return new GitService().runGit(args, repoRoot).trim();
+  } catch {
+    return null;
+  }
+};
+
+const resolveUpstreamRefInRepo = (repoRoot: string): string | null =>
+  runGit(repoRoot, ['rev-parse', '@{u}']);
+
+const resolveHeadOidInRepo = (repoRoot: string): string | null =>
+  runGit(repoRoot, ['rev-parse', 'HEAD']);
+
+const resolveCiBaseRefInRepo = (repoRoot: string): string => {
+  const fromEnv = process.env.GITHUB_BASE_REF?.trim();
+  if (fromEnv) {
+    if (runGit(repoRoot, ['rev-parse', '--verify', fromEnv])) {
+      return fromEnv;
+    }
+    const remoteRef = `origin/${fromEnv}`;
+    if (runGit(repoRoot, ['rev-parse', '--verify', remoteRef])) {
+      return remoteRef;
+    }
+  }
+
+  for (const candidate of ['origin/main', 'main', 'HEAD']) {
+    if (runGit(repoRoot, ['rev-parse', '--verify', candidate])) {
+      return candidate;
+    }
+  }
+
+  return 'HEAD';
+};
+
+const resolvePrePushBootstrapBaseRefInRepo = (repoRoot: string): string => {
+  const candidates = ['origin/develop', 'develop', resolveCiBaseRefInRepo(repoRoot)];
+  for (const candidate of candidates) {
+    if (runGit(repoRoot, ['rev-parse', '--verify', candidate])) {
+      return candidate;
+    }
+  }
+
+  return 'HEAD';
+};
+
+const shouldAllowBootstrapPrePush = (rawInput: string): boolean => {
+  const lines = rawInput
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0);
+
+  for (const line of lines) {
+    const [localRef, localOid, remoteRef, remoteOid] = line.split(/\s+/);
+    if (!localRef || !localOid || !remoteRef || !remoteOid) {
+      continue;
+    }
+    const localIsBranch = localRef.startsWith('refs/heads/');
+    const remoteIsBranch = remoteRef.startsWith('refs/heads/');
+    const localIsDeletion = ZERO_HASH.test(localOid);
+    const remoteIsNewBranch = ZERO_HASH.test(remoteOid);
+
+    if (localIsBranch && remoteIsBranch && !localIsDeletion && remoteIsNewBranch) {
+      return true;
+    }
+  }
+
+  return false;
+};
+
+const resolveExplicitPrePushRange = (
+  rawInput: string
+): { fromRef: string; toRef: string } | undefined => {
+  const lines = rawInput
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0);
+
+  const eligibleRanges = lines
+    .map((line) => {
+      const [localRef, localOid, remoteRef, remoteOid] = line.split(/\s+/);
+      if (!localRef || !localOid || !remoteRef || !remoteOid) {
+        return undefined;
+      }
+      const localIsDeletion = ZERO_HASH.test(localOid);
+      const remoteIsNewBranch = ZERO_HASH.test(remoteOid);
+      if (localIsDeletion || remoteIsNewBranch) {
+        return undefined;
+      }
+      return {
+        fromRef: remoteOid,
+        toRef: localOid,
+      };
+    })
+    .filter((value): value is { fromRef: string; toRef: string } => Boolean(value));
+
+  if (eligibleRanges.length !== 1) {
+    return undefined;
+  }
+
+  return eligibleRanges[0];
+};
+
+type PrePushScopeResolution =
+  | { kind: 'scope'; scope: GateScope; sddDecisionOverride?: Pick<SddDecision, 'allowed' | 'code' | 'message'> }
+  | { kind: 'upstream_missing' };
+
+const resolvePrePushScopeForMcp = (params: { repoRoot: string }): PrePushScopeResolution => {
+  const prePushInput = readMcpPrePushStdin();
+  const upstreamRef = resolveUpstreamRefInRepo(params.repoRoot);
+  if (!upstreamRef) {
+    const bootstrapBaseRef = resolvePrePushBootstrapBaseRefInRepo(params.repoRoot);
+    const bootstrapByPrePushStdIn = shouldAllowBootstrapPrePush(prePushInput);
+    const bootstrapByFallbackBase = !bootstrapByPrePushStdIn && bootstrapBaseRef !== 'HEAD';
+    const manualInvocationFallback =
+      !bootstrapByPrePushStdIn &&
+      !bootstrapByFallbackBase &&
+      prePushInput.trim().length === 0;
+    if (bootstrapByPrePushStdIn || bootstrapByFallbackBase) {
+      return {
+        kind: 'scope',
+        scope: {
+          kind: 'range',
+          fromRef: bootstrapBaseRef,
+          toRef: 'HEAD',
+        },
+      };
+    }
+    if (manualInvocationFallback) {
+      return { kind: 'scope', scope: { kind: 'workingTree' } };
+    }
+    return { kind: 'upstream_missing' };
+  }
+  const explicitPrePushRange = resolveExplicitPrePushRange(prePushInput);
+  const prePushFromRef = explicitPrePushRange?.fromRef ?? upstreamRef;
+  const prePushToRef = explicitPrePushRange?.toRef ?? 'HEAD';
+  const headOid = resolveHeadOidInRepo(params.repoRoot);
+  const sddDecisionOverride =
+    explicitPrePushRange && headOid && explicitPrePushRange.toRef !== headOid
+      ? ({
+        allowed: true,
+        code: 'ALLOWED',
+        message:
+          `SDD enforcement suspended for PRE_PUSH historical publish targeting ${explicitPrePushRange.toRef.slice(0, 12)} ` +
+          `instead of current HEAD ${headOid.slice(0, 12)}.`,
+      } as Pick<SddDecision, 'allowed' | 'code' | 'message'>)
+      : undefined;
+  return {
+    kind: 'scope',
+    scope: {
+      kind: 'range',
+      fromRef: prePushFromRef,
+      toRef: prePushToRef,
+    },
+    sddDecisionOverride,
+  };
+};
+
+type RunAlignedParams = {
+  repoRoot: string;
+  stage: AiGateStage;
+};
+
+export const runMcpAlignedPlatformGate = async (
+  params: RunAlignedParams
+): Promise<{ exitCode: number; aligned: boolean; skipReason: string | null }> => {
+  const git = new GitService();
+  const resolved = resolvePolicyForStage(params.stage, params.repoRoot);
+  if (params.stage === 'PRE_WRITE') {
+    const exitCode = await runPlatformGate({
+      policy: resolved.policy,
+      policyTrace: resolved.trace,
+      scope: { kind: 'workingTree' },
+      silent: true,
+      services: { git },
+    });
+    return { exitCode, aligned: true, skipReason: null };
+  }
+  if (params.stage === 'PRE_COMMIT') {
+    const exitCode = await runPlatformGate({
+      policy: resolved.policy,
+      policyTrace: resolved.trace,
+      scope: { kind: 'staged' },
+      silent: true,
+      services: { git },
+    });
+    return { exitCode, aligned: true, skipReason: null };
+  }
+  if (params.stage === 'CI') {
+    const ciBaseRef = resolveCiBaseRefInRepo(params.repoRoot);
+    const exitCode = await runPlatformGate({
+      policy: resolved.policy,
+      policyTrace: resolved.trace,
+      scope: {
+        kind: 'range',
+        fromRef: ciBaseRef,
+        toRef: 'HEAD',
+      },
+      silent: true,
+      services: { git },
+    });
+    return { exitCode, aligned: true, skipReason: null };
+  }
+  if (params.stage === 'PRE_PUSH') {
+    const scopeResolution = resolvePrePushScopeForMcp({ repoRoot: params.repoRoot });
+    if (scopeResolution.kind === 'upstream_missing') {
+      return { exitCode: 1, aligned: false, skipReason: 'PRE_PUSH_UPSTREAM_MISSING' };
+    }
+    const exitCode = await runPlatformGate({
+      policy: resolved.policy,
+      policyTrace: resolved.trace,
+      scope: scopeResolution.scope,
+      silent: true,
+      services: { git },
+      ...(scopeResolution.sddDecisionOverride
+        ? { sddDecisionOverride: scopeResolution.sddDecisionOverride }
+        : {}),
+    });
+    return { exitCode, aligned: true, skipReason: null };
+  }
+  throw new Error(`Unsupported MCP aligned stage: ${String(params.stage)}`);
+};

package/integrations/mcp/autoExecuteAiStart.ts

@@ -1,3 +1,7 @@
+import {
+  buildGovernanceValidateCommand,
+  resolveGovernanceCatalogAction,
+} from '../gate/governanceActionCatalog';
 import { evaluateAiGate, type AiGateStage, type AiGateViolation } from '../gate/evaluateAiGate';
 import { collectWorktreeAtomicSlices } from '../git/worktreeAtomicSlices';
 import { resolveLearningContextExperimentalFeature } from '../policy/experimentalFeatures';
@@ -50,96 +54,98 @@ const confidenceFromViolation = (violationCode: string | null): number => {
   if (isEvidenceCode(violationCode)) {
     return 65;
   }
-  if (violationCode === 'GITFLOW_PROTECTED_BRANCH') {
+  if (
+    violationCode === 'GITFLOW_PROTECTED_BRANCH'
+    || violationCode === 'GITFLOW_BRANCH_NAMING_INVALID'
+  ) {
     return 40;
   }
   return 50;
 };
 
-const nextActionFromViolation = (
-  violation: AiGateViolation | undefined,
-  repoRoot: string
-): AutoExecuteNextAction => {
-  if (!violation) {
-    return {
-      kind: 'info',
-      message: 'Gate listo. Puedes continuar con implementación.',
-    };
-  }
-  switch (violation.code) {
-    case 'EVIDENCE_MISSING':
+const normalizeGovernanceCatalogCode = (code: string): string => {
+  switch (code) {
     case 'EVIDENCE_INVALID':
     case 'EVIDENCE_CHAIN_INVALID':
-    case 'EVIDENCE_STALE':
-      return {
-        kind: 'run_command',
-        message: 'Regenera o refresca evidencia y vuelve a evaluar PRE_WRITE.',
-        command: 'npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-      };
-    case 'EVIDENCE_ACTIVE_RULE_IDS_EMPTY_FOR_CODE_CHANGES':
-      return {
-        kind: 'run_command',
-        message:
-          'No hay active_rule_ids para plataforma de código detectada. Reconciliación strict de policy/skills y revalidación PRE_WRITE.',
-        command:
-          'npx --yes --package pumuki@latest pumuki policy reconcile --strict --json && npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-      };
-    case 'EVIDENCE_PLATFORM_SKILLS_SCOPE_INCOMPLETE':
-    case 'EVIDENCE_PLATFORM_SKILLS_BUNDLES_MISSING':
-    case 'EVIDENCE_SKILLS_CONTRACT_INCOMPLETE':
-      return {
-        kind: 'run_command',
-        message:
-          'Completa cobertura de skills por plataforma (prefijos + bundles) y revalida PRE_WRITE.',
-        command: 'npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-      };
-    case 'EVIDENCE_PLATFORM_CRITICAL_SKILLS_RULES_MISSING':
-    case 'EVIDENCE_CROSS_PLATFORM_CRITICAL_ENFORCEMENT_INCOMPLETE':
-      return {
-        kind: 'run_command',
-        message:
-          'Reconcilia policy/skills en modo estricto (incluida skills.ios.critical-test-quality cuando aplique) y revalida PRE_WRITE.',
-        command:
-          'npx --yes --package pumuki@latest pumuki policy reconcile --strict --json && npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-      };
-    case 'EVIDENCE_PREWRITE_WORKTREE_OVER_LIMIT':
-    case 'EVIDENCE_PREWRITE_WORKTREE_WARN':
-      {
-        const plan = collectWorktreeAtomicSlices({
-          repoRoot,
-          maxSlices: 3,
-          maxFilesPerSlice: 4,
-        });
-        if (plan.slices.length > 0) {
-          const firstSlice = plan.slices[0];
-          return {
-            kind: 'run_command',
-            message:
-              `Particiona el worktree en slices atómicos por scope. Primer lote sugerido: ${firstSlice?.scope ?? 'scope-desconocido'}.`,
-            command:
-              `${firstSlice?.staged_command ?? 'git add -p'} && npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json`,
-          };
-        }
-      }
-      return {
-        kind: 'run_command',
-        message:
-          'Particiona el worktree en slices atómicos y revalida PRE_WRITE para continuar sin fricción.',
-        command:
-          'git status --short && git add -p && npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-      };
+      return 'EVIDENCE_INVALID_OR_CHAIN';
     case 'GITFLOW_PROTECTED_BRANCH':
-      return {
-        kind: 'run_command',
-        message: 'Cambia a una rama feature/* antes de continuar.',
-        command: 'git checkout -b feature/<descripcion-kebab-case>',
-      };
+      return 'GITFLOW_PROTECTED_BRANCH_CONTEXT';
+    case 'GITFLOW_BRANCH_NAMING_INVALID':
+      return 'GITFLOW_BRANCH_NAMING_INVALID_CONTEXT';
     default:
+      return code;
+  }
+};
+
+const resolveAutoExecuteRemediation = (params: {
+  violation: AiGateViolation | undefined;
+  repoRoot: string;
+  stage: AiGateStage;
+  allowed: boolean;
+}): {
+  instruction: string;
+  nextAction: AutoExecuteNextAction;
+} => {
+  if (!params.violation) {
+    const readyAction = resolveGovernanceCatalogAction({
+      code: 'READY',
+      stage: params.stage,
+    });
+    return {
+      instruction: readyAction.instruction,
+      nextAction: readyAction.next_action,
+    };
+  }
+
+  if (
+    params.violation.code === 'EVIDENCE_PREWRITE_WORKTREE_OVER_LIMIT'
+    || params.violation.code === 'EVIDENCE_PREWRITE_WORKTREE_WARN'
+  ) {
+    const validateCommand = buildGovernanceValidateCommand(params.stage);
+    const plan = collectWorktreeAtomicSlices({
+      repoRoot: params.repoRoot,
+      maxSlices: 3,
+      maxFilesPerSlice: 4,
+    });
+    if (plan.slices.length > 0) {
+      const firstSlice = plan.slices[0];
       return {
-        kind: 'info',
-        message: 'Corrige la violación bloqueante y vuelve a ejecutar auto_execute_ai_start.',
+        instruction: 'Particiona el worktree en slices atómicos antes de continuar.',
+        nextAction: {
+          kind: params.allowed ? 'info' : 'run_command',
+          message:
+            `Particiona el worktree en slices atómicos por scope. Primer lote sugerido: ${firstSlice?.scope ?? 'scope-desconocido'}.`,
+          command: params.allowed
+            ? undefined
+            : `${firstSlice?.staged_command ?? 'git add -p'} && ${validateCommand}`,
+        },
       };
+    }
+    return {
+      instruction: 'Particiona el worktree en slices atómicos antes de continuar.',
+      nextAction: {
+        kind: params.allowed ? 'info' : 'run_command',
+        message: 'Particiona el worktree en slices atómicos y revalida PRE_WRITE para continuar sin fricción.',
+        command: params.allowed
+          ? undefined
+          : `git status --short && git add -p && ${validateCommand}`,
+      },
+    };
   }
+
+  const governanceAction = resolveGovernanceCatalogAction({
+    code: normalizeGovernanceCatalogCode(params.violation.code),
+    stage: params.stage,
+  });
+  return {
+    instruction: governanceAction.instruction,
+    nextAction: params.allowed
+      ? {
+        kind: 'info',
+        message: governanceAction.next_action.message,
+      }
+      : governanceAction.next_action,
+  };
 };
 
 export type EnterpriseAutoExecuteAiStartResult = {
@@ -190,19 +196,20 @@ export const runEnterpriseAutoExecuteAiStart = (params: {
   const action: AutoExecuteAction = evaluation.allowed ? 'proceed' : 'ask';
   const phase = toAutoExecutePhase(action);
   const confidencePct = confidenceFromViolation(firstViolation?.code ?? null);
-  const nextAction = evaluation.allowed
-    ? {
-      kind: 'info' as const,
-      message: 'Gate en verde. Continúa con la implementación.',
-    }
-    : nextActionFromViolation(firstViolation, params.repoRoot);
+  const remediation = resolveAutoExecuteRemediation({
+    violation: firstViolation,
+    repoRoot: params.repoRoot,
+    stage,
+    allowed: evaluation.allowed,
+  });
+  const nextAction = remediation.nextAction;
 
   let message = toHumanMessage({
     action,
     confidencePct,
     reasonCode,
   });
-  let instruction = nextAction.message;
+  let instruction = remediation.instruction;
   if (learningContext?.recommended_actions[0]) {
     message = `${message} Learning: ${learningContext.recommended_actions[0]}`;
     instruction = `${instruction} Learning: ${learningContext.recommended_actions[0]}`;

package/integrations/mcp/enterpriseServer.ts

@@ -9,7 +9,7 @@ import { resolveMcpEnterpriseExperimentalFeature } from '../policy/experimentalF
 import { evaluateSddPolicy, readSddStatus } from '../sdd';
 import type { SddStage } from '../sdd';
 import { toStatusPayload } from './evidencePayloads';
-import { runEnterpriseAiGateCheck } from './aiGateCheck';
+import { runEnterpriseAiGateCheckAsync } from './aiGateCheck';
 import { runEnterprisePreFlightCheck } from './preFlightCheck';
 import { runEnterpriseAutoExecuteAiStart } from './autoExecuteAiStart';
 import { writeMcpAiGateReceipt } from './aiGateReceipt';
@@ -382,16 +382,16 @@ const evaluateCriticalToolGuard = (
   }
 };
 
-const executeEnterpriseTool = (
+const executeEnterpriseTool = async (
   repoRoot: string,
   toolName: EnterpriseToolName,
   args: Record<string, string | number | boolean | bigint | symbol | null | Date | object>,
   dryRun: boolean
-): EnterpriseToolExecution => {
+): Promise<EnterpriseToolExecution> => {
   switch (toolName) {
     case 'ai_gate_check': {
       const stage = toSddStage(args.stage, 'PRE_COMMIT');
-      const execution = runEnterpriseAiGateCheck({
+      const execution = await runEnterpriseAiGateCheckAsync({
         repoRoot,
         stage,
       });
@@ -741,7 +741,7 @@ export const startEnterpriseMcpServer = (
         return;
       }
       void readJsonBody(req)
-        .then((body) => {
+        .then(async (body) => {
           if (typeof body !== 'object' || body === null) {
             sendJson(res, 400, {
               error: 'Invalid request body.',
@@ -814,7 +814,7 @@ export const startEnterpriseMcpServer = (
           }
           let result: EnterpriseToolExecution;
           try {
-            result = executeEnterpriseTool(
+            result = await executeEnterpriseTool(
               repoRoot,
               toolName,
               args,