pumuki 6.3.120 → 6.3.122

package/AGENTS.md

@@ -81,6 +81,17 @@ Antes de realizar cualquier accion:
   - explicar la regla exacta bloqueante, y
   - pedir decision explicita del usuario antes de continuar.
 
+## Protocolo condicionado de review paralela
+- MUST: Cuando el usuario pida revisar una rama, PR, diff amplio o cambio transversal, usar subagentes paralelos si el alcance lo justifica.
+- MUST: Separar la revision en tres focos independientes:
+  1. riesgos de seguridad
+  2. carencias de tests
+  3. mantenibilidad, deuda y complejidad
+- MUST: Integrar los hallazgos en una unica respuesta final priorizada por severidad, con referencias a archivo/linea y sin duplicar conclusiones.
+- MUST: Mantener el formato de review: hallazgos primero, preguntas/assumptions despues, resumen al final.
+- MUST: No activar este protocolo para implementaciones normales, fixes pequenos, tareas de tracking o cambios documentales simples salvo peticion explicita del usuario.
+- MUST: No sustituir los gates del repo por opiniones de subagentes; los subagentes aportan focos de revision, pero la respuesta final debe contrastar sus hallazgos con codigo, tests y evidencia local.
+
 ## Contrato hard de GitFlow y ramas (no negociable)
 - El ciclo GitFlow del proyecto es obligatorio.
 - Es obligatorio respetar ramas nombradas segun la convencion acordada del repositorio.

package/CHANGELOG.md

@@ -6,6 +6,21 @@ This project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [6.3.122] - 2026-04-28
+
+### Fixed
+
+- **Skills estructurales sin umbrales hardcodeados:** `skills.backend.no-god-classes` / `skills.frontend.no-god-classes` dejan de depender de `GOD_CLASS_MAX_LINES` y pasan a detectar mezcla semántica de responsabilidades por nodos AST.
+- **Auditoría transversal iOS/Android/backend/frontend:** las skills estructurales `God/Massive/SRP/Clean Architecture` ya no expresan límites implícitos de líneas; una regresión dedicada falla si vuelven a aparecer umbrales `> N líneas` en las skills de las cuatro plataformas.
+- **Cierre de `PUMUKI-INC-115`:** Pumuki mantiene hotspots por `max_lines` solo cuando el consumer los declara explícitamente, pero las skills hard vuelven a depender de nodos AST inteligentes o reglas declarativas.
+
+## [6.3.121] - 2026-04-28
+
+### Fixed
+
+- **Hotspots brownfield sin umbrales hardcodeados:** `BrownfieldHotspotGuard` deja de bloquear por tamaño implícito en carpetas `presentation`/`application`; el bloqueo por líneas solo se activa cuando el consumer declara explícitamente `max_lines` en `config/pumuki-hotspots.json`.
+- **Cierre de `PUMUKI-INC-114`:** el guard mantiene bloqueo declarativo para hotspots marcados, pero SRP/god class vuelve a depender de reglas/skills AST inteligentes en vez de números internos `800/1200`.
+
 ## [6.3.120] - 2026-04-28
 
 ### Fixed

package/VERSION

@@ -1 +1 @@
-v6.3.120
+v6.3.122

package/core/facts/detectors/typescript/index.test.ts

@@ -856,32 +856,86 @@ test('findConcreteDependencyInstantiationMatch devuelve payload semantico para D
   assert.match(match.expected_fix, /adapter|puerto|abstracci/i);
 });
 
-test('hasLargeClassDeclaration detecta clases con 300 lineas o mas', () => {
-  const oversizedClassAst = {
+test('hasLargeClassDeclaration detecta god class por mezcla semantica de responsabilidades', () => {
+  const godClassAst = {
     type: 'ClassDeclaration',
     loc: {
-      start: { line: 10 },
-      end: { line: 320 },
+      start: { line: 1 },
+      end: { line: 80 },
+    },
+    body: {
+      type: 'ClassBody',
+      body: [
+        {
+          type: 'ClassProperty',
+          key: { type: 'Identifier', name: 'client' },
+          value: {
+            type: 'NewExpression',
+            callee: { type: 'Identifier', name: 'PrismaClient' },
+            arguments: [],
+          },
+        },
+        {
+          type: 'ClassMethod',
+          key: { type: 'Identifier', name: 'getOrder' },
+          loc: { start: { line: 20 }, end: { line: 24 } },
+          body: { type: 'BlockStatement', body: [] },
+        },
+        {
+          type: 'ClassMethod',
+          key: { type: 'Identifier', name: 'saveOrder' },
+          loc: { start: { line: 30 }, end: { line: 40 } },
+          body: { type: 'BlockStatement', body: [] },
+        },
+      ],
     },
   };
-  const thresholdClassAst = {
+  const oversizedButSingleResponsibilityAst = {
     type: 'ClassDeclaration',
     loc: {
-      start: { line: 10 },
-      end: { line: 309 },
+      start: { line: 1 },
+      end: { line: 1_000 },
+    },
+    body: {
+      type: 'ClassBody',
+      body: [
+        {
+          type: 'ClassMethod',
+          key: { type: 'Identifier', name: 'getOrder' },
+          loc: { start: { line: 20 }, end: { line: 24 } },
+          body: { type: 'BlockStatement', body: [] },
+        },
+      ],
     },
   };
-  const compactClassAst = {
+  const srpOnlyAst = {
     type: 'ClassDeclaration',
     loc: {
-      start: { line: 10 },
+      start: { line: 1 },
       end: { line: 80 },
     },
+    body: {
+      type: 'ClassBody',
+      body: [
+        {
+          type: 'ClassMethod',
+          key: { type: 'Identifier', name: 'getOrder' },
+          loc: { start: { line: 20 }, end: { line: 24 } },
+          body: { type: 'BlockStatement', body: [] },
+        },
+        {
+          type: 'ClassMethod',
+          key: { type: 'Identifier', name: 'saveOrder' },
+          loc: { start: { line: 30 }, end: { line: 40 } },
+          body: { type: 'BlockStatement', body: [] },
+        },
+      ],
+    },
   };
 
-  assert.equal(hasLargeClassDeclaration(oversizedClassAst), true);
-  assert.equal(hasLargeClassDeclaration(thresholdClassAst), true);
-  assert.equal(hasLargeClassDeclaration(compactClassAst), false);
+  assert.equal(hasLargeClassDeclaration(godClassAst), true);
+  assert.equal(hasLargeClassDeclaration(oversizedButSingleResponsibilityAst), false);
+  assert.equal(hasLargeClassDeclaration(srpOnlyAst), false);
 });
 
 test('hasRecordStringUnknownType detecta Record<string, unknown>', () => {

package/core/facts/detectors/typescript/index.ts

@@ -19,7 +19,6 @@ const concreteDependencyNames = new Set<string>([
   'ApolloClient',
   'Axios',
 ]);
-const GOD_CLASS_MAX_LINES = 300;
 const networkCallCalleePattern = /^(fetch|axios|get|post|put|patch|delete|request)$/i;
 type AstNode = Record<string, string | number | boolean | bigint | symbol | null | Date | object>;
 type TypeScriptSemanticNode = {
@@ -1747,16 +1746,19 @@ export const findConcreteDependencyInstantiationMatch = (
   return buildSolidDipMatch(node, 'concrete-instantiation');
 };
 
-const nodeLineSpan = (node: unknown): number => {
-  if (!isObject(node) || !isObject(node.loc)) {
-    return 0;
-  }
-  const start = isObject(node.loc.start) ? node.loc.start.line : undefined;
-  const end = isObject(node.loc.end) ? node.loc.end.line : undefined;
-  if (typeof start !== 'number' || typeof end !== 'number') {
-    return 0;
-  }
-  return Math.max(0, end - start + 1);
+const hasSemanticGodClassResponsibilities = (classNode: AstNode): boolean => {
+  const mixesCommandsAndQueries = typeof buildMixedCommandQueryClassMatch(classNode) !== 'undefined';
+  const ownsConcreteInfrastructure = hasConcreteDependencyInstantiation(classNode);
+  const ownsTypeBranching = hasTypeDiscriminatorSwitch(classNode);
+  const weakensBaseContract = hasOverrideMethodThrowingNotImplemented(classNode);
+
+  return (
+    (mixesCommandsAndQueries && ownsConcreteInfrastructure) ||
+    (mixesCommandsAndQueries && ownsTypeBranching) ||
+    (mixesCommandsAndQueries && weakensBaseContract) ||
+    (ownsConcreteInfrastructure && ownsTypeBranching) ||
+    (ownsConcreteInfrastructure && weakensBaseContract)
+  );
 };
 
 export const hasLargeClassDeclaration = (node: unknown): boolean => {
@@ -1764,7 +1766,7 @@ export const hasLargeClassDeclaration = (node: unknown): boolean => {
     if (value.type !== 'ClassDeclaration' && value.type !== 'ClassExpression') {
       return false;
     }
-    return nodeLineSpan(value) >= GOD_CLASS_MAX_LINES;
+    return hasSemanticGodClassResponsibilities(value);
   });
 };
 

package/core/facts/extractHeuristicFacts.ts

@@ -410,7 +410,7 @@ const astDetectorRegistry: ReadonlyArray<ASTDetectorRegistryEntry> = [
   { detect: TS.hasOverrideMethodThrowingNotImplemented, ruleId: 'heuristics.ts.solid.lsp.override-not-implemented.ast', code: 'HEURISTICS_SOLID_LSP_OVERRIDE_NOT_IMPLEMENTED_AST', message: 'AST heuristic detected LSP risk: override throws not-implemented/unsupported.' },
   { detect: TS.hasFrameworkDependencyImport, ruleId: 'heuristics.ts.solid.dip.framework-import.ast', code: 'HEURISTICS_SOLID_DIP_FRAMEWORK_IMPORT_AST', message: 'AST heuristic detected DIP risk: framework dependency imported in domain/application code.', pathCheck: isTypeScriptDomainOrApplicationPath },
   { detect: TS.hasConcreteDependencyInstantiation, ruleId: 'heuristics.ts.solid.dip.concrete-instantiation.ast', code: 'HEURISTICS_SOLID_DIP_CONCRETE_INSTANTIATION_AST', message: 'AST heuristic detected DIP risk: direct instantiation of concrete framework dependency.', pathCheck: isTypeScriptDomainOrApplicationPath },
-  { detect: TS.hasLargeClassDeclaration, ruleId: 'heuristics.ts.god-class-large-class.ast', code: 'HEURISTICS_GOD_CLASS_LARGE_CLASS_AST', message: 'AST heuristic detected God Class candidate (>=300 lines in a single class declaration).' },
+  { detect: TS.hasLargeClassDeclaration, ruleId: 'heuristics.ts.god-class-large-class.ast', code: 'HEURISTICS_GOD_CLASS_LARGE_CLASS_AST', message: 'AST heuristic detected God Class candidate by mixed responsibility nodes in a single class declaration.' },
   { detect: TS.hasRecordStringUnknownType, locateLines: TS.findRecordStringUnknownTypeLines, ruleId: 'common.types.record_unknown_requires_type', code: 'COMMON_TYPES_RECORD_UNKNOWN_REQUIRES_TYPE_AST', message: 'AST heuristic detected Record<string, unknown> without explicit value union.' },
   { detect: TS.hasUnknownWithoutGuard, locateLines: TS.findUnknownWithoutGuardLines, ruleId: 'common.types.unknown_without_guard', code: 'COMMON_TYPES_UNKNOWN_WITHOUT_GUARD_AST', message: 'AST heuristic detected unknown usage without explicit guard evidence.', pathCheck: isTypeScriptDomainOrApplicationPath },
   { detect: TS.hasUndefinedInBaseTypeUnion, locateLines: TS.findUndefinedInBaseTypeUnionLines, ruleId: 'common.types.undefined_in_base_type', code: 'COMMON_TYPES_UNDEFINED_IN_BASE_TYPE_AST', message: 'AST heuristic detected undefined inside base-type unions.' },

package/core/rules/presets/heuristics/typescript.ts

@@ -332,7 +332,7 @@ export const typescriptRules: RuleSet = [
   },
   {
     id: 'heuristics.ts.god-class-large-class.ast',
-    description: 'Detects God Class candidates when a class declaration exceeds 500 lines.',
+    description: 'Detects God Class candidates when one class mixes multiple responsibility nodes.',
     severity: 'ERROR',
     platform: 'generic',
     locked: true,
@@ -344,7 +344,7 @@ export const typescriptRules: RuleSet = [
     },
     then: {
       kind: 'Finding',
-      message: 'AST heuristic detected God Class candidate (>500 lines in one class declaration).',
+      message: 'AST heuristic detected God Class candidate by mixed responsibility nodes in one class declaration.',
       code: 'HEURISTICS_GOD_CLASS_LARGE_CLASS_AST',
     },
   },

package/docs/codex-skills/backend-enterprise-rules.md

@@ -249,7 +249,7 @@ const { data } = await supabase
 ✅ **i18n en error messages** - Mensajes traducibles
 
 ### Anti-patterns a EVITAR:
-❌ **God classes** - Servicios con >500 líneas
+❌ **God classes** - Servicios que mezclan responsabilidades de dominio, aplicación, infraestructura, branching de tipos o contratos en una misma clase
 ❌ **Anemic domain models** - Entidades solo con getters/setters
 ❌ **Magic numbers** - Usar constantes con nombres descriptivos
 ❌ **Callback hell** - Usar async/await

package/docs/codex-skills/ios-enterprise-rules.md

@@ -806,7 +806,7 @@ final class APIClientSpy: @unchecked Sendable, APIClientProtocol {
 - Usar `@preconcurrency` solo como medida temporal de migración
 
 ### Anti-patterns a EVITAR:
-❌ **Massive View Controllers** - ViewControllers >300 líneas
+❌ **Massive View Controllers** - ViewControllers que mezclan presentación, navegación, estado, acceso a datos o coordinación de infraestructura
 ❌ **Force unwrapping (!)** - Salvo IBOutlets y casos justificados
 ❌ **Singletons** - Dificultan testing
 ❌ **Storyboards grandes** - Merge conflicts, lentitud

package/integrations/config/skillsMarkdownRules.ts

@@ -446,13 +446,7 @@ const normalizeKnownRuleTarget = (
     if (includes('clean architecture')) {
       return `${prefix}.enforce-clean-architecture`;
     }
-    if (
-      includes('god classes') ||
-      includes('god class') ||
-      includes('500 lineas') ||
-      includes('500 li neas') ||
-      includes('500 lines')
-    ) {
+    if (includes('god classes') || includes('god class')) {
       return `${prefix}.no-god-classes`;
     }
     if (includes('empty catch')) {

package/integrations/git/brownfieldHotspots.ts

@@ -24,9 +24,6 @@ type ObservedFile = {
 };
 
 const DEFAULT_HOTSPOTS_CONFIG_PATH = 'config/pumuki-hotspots.json';
-const PRESENTATION_OR_APPLICATION_SEGMENTS = ['/presentation/', '/application/'];
-const HIGH_LINE_THRESHOLD = 800;
-const CRITICAL_LINE_THRESHOLD = 1200;
 
 const isObject = (value: unknown): value is Record<string, unknown> =>
   typeof value === 'object' && value !== null;
@@ -102,11 +99,6 @@ const readBrownfieldHotspotConfig = (repoRoot: string): BrownfieldHotspotConfig
   }
 };
 
-const isSensitiveLayerPath = (path: string): boolean => {
-  const normalized = `/${toNormalizedPath(path).toLowerCase()}`;
-  return PRESENTATION_OR_APPLICATION_SEGMENTS.some((segment) => normalized.includes(segment));
-};
-
 const hasRequiredArtifacts = (
   repoRoot: string,
   candidates: ReadonlyArray<string> | undefined
@@ -245,28 +237,15 @@ export const evaluateBrownfieldHotspotFindings = (params: {
 
   for (const file of observedFiles) {
     const configEntry = configByPath.get(file.path);
-    const isSensitiveLayer = isSensitiveLayerPath(file.path);
-    if (typeof file.lineCount === 'number' && (isSensitiveLayer || configEntry?.max_lines)) {
-      const highThreshold = configEntry?.max_lines ?? HIGH_LINE_THRESHOLD;
-      const criticalThreshold = Math.max(highThreshold, CRITICAL_LINE_THRESHOLD);
-      if (file.lineCount > criticalThreshold) {
-        findings.push(
-          toHotspotSizeFinding({
-            stage: params.stage,
-            path: file.path,
-            lineCount: file.lineCount,
-            threshold: criticalThreshold,
-            severity: 'CRITICAL',
-            reason: configEntry?.reason,
-          })
-        );
-      } else if (file.lineCount > highThreshold) {
+    if (typeof file.lineCount === 'number' && configEntry?.max_lines) {
+      const threshold = configEntry.max_lines;
+      if (file.lineCount > threshold) {
         findings.push(
           toHotspotSizeFinding({
             stage: params.stage,
             path: file.path,
             lineCount: file.lineCount,
-            threshold: highThreshold,
+            threshold,
             severity: 'ERROR',
             reason: configEntry?.reason,
           })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.120",
+  "version": "6.3.122",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/vendor/skills/backend-enterprise-rules/SKILL.md

@@ -249,7 +249,7 @@ const { data } = await supabase
 ✅ **i18n en error messages** - Mensajes traducibles
 
 ### Anti-patterns a EVITAR:
-❌ **God classes** - Servicios con >500 líneas
+❌ **God classes** - Servicios que mezclan responsabilidades de dominio, aplicación, infraestructura, branching de tipos o contratos en una misma clase
 ❌ **Anemic domain models** - Entidades solo con getters/setters
 ❌ **Magic numbers** - Usar constantes con nombres descriptivos
 ❌ **Callback hell** - Usar async/await

package/vendor/skills/ios-enterprise-rules/SKILL.md

@@ -806,7 +806,7 @@ final class APIClientSpy: @unchecked Sendable, APIClientProtocol {
 - Usar `@preconcurrency` solo como medida temporal de migración
 
 ### Anti-patterns a EVITAR:
-❌ **Massive View Controllers** - ViewControllers >300 líneas
+❌ **Massive View Controllers** - ViewControllers que mezclan presentación, navegación, estado, acceso a datos o coordinación de infraestructura
 ❌ **Force unwrapping (!)** - Salvo IBOutlets y casos justificados
 ❌ **Singletons** - Dificultan testing
 ❌ **Storyboards grandes** - Merge conflicts, lentitud