npm - pumuki - Versions diffs - 6.3.180 → 6.3.182 - Mend

pumuki 6.3.180 → 6.3.182

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/VERSION +1 -1
package/core/facts/detectors/text/android.test.ts +50 -0
package/core/facts/detectors/text/android.ts +8 -0
package/core/facts/extractHeuristicFacts.ts +10 -0
package/core/rules/presets/heuristics/android.test.ts +11 -1
package/core/rules/presets/heuristics/android.ts +40 -0
package/docs/codex-skills/android-enterprise-rules.md +2 -1
package/integrations/config/skillsDetectorRegistry.ts +7 -0
package/package.json +1 -1
package/skills.lock.json +1 -1

package/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- v6.3.~~180~~
1	+ v6.3.182

package/core/facts/detectors/text/android.test.ts CHANGED Viewed

@@ -6,7 +6,9 @@ import {
   findKotlinLiskovSubstitutionMatch,
   findKotlinOpenClosedWhenMatch,
   findKotlinPresentationSrpMatch,
+  hasKotlinDispatcherMainBoundaryLeakUsage,
   hasKotlinGlobalScopeUsage,
+  hasKotlinHardcodedBackgroundDispatcherUsage,
   hasKotlinLiveDataStateExposureUsage,
   hasKotlinManualCoroutineScopeInViewModelUsage,
   hasKotlinRunBlockingUsage,
@@ -141,6 +143,54 @@ class OrdersViewModel : ViewModel() {
   assert.equal(hasKotlinManualCoroutineScopeInViewModelUsage(source), false);
 });
+test('hasKotlinDispatcherMainBoundaryLeakUsage detecta Dispatchers.Main como dispatcher UI explícito', () => {
+  const source = `
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext(Dispatchers.Main) { }
+}
+`;
+  assert.equal(hasKotlinDispatcherMainBoundaryLeakUsage(source), true);
+});
+test('hasKotlinDispatcherMainBoundaryLeakUsage ignora imports, comentarios y strings', () => {
+  const source = `
+import kotlinx.coroutines.Dispatchers
+// withContext(Dispatchers.Main) { }
+val sample = "Dispatchers.Main"
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext(Dispatchers.IO) { }
+}
+`;
+  assert.equal(hasKotlinDispatcherMainBoundaryLeakUsage(source), false);
+});
+test('hasKotlinHardcodedBackgroundDispatcherUsage detecta Dispatchers.IO y Dispatchers.Default', () => {
+  const ioSource = `
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext(Dispatchers.IO) { }
+}
+`;
+  const defaultSource = `
+class BuildCatalogIndexUseCase {
+  suspend fun execute() = withContext(Dispatchers.Default) { }
+}
+`;
+  assert.equal(hasKotlinHardcodedBackgroundDispatcherUsage(ioSource), true);
+  assert.equal(hasKotlinHardcodedBackgroundDispatcherUsage(defaultSource), true);
+});
+test('hasKotlinHardcodedBackgroundDispatcherUsage ignora imports, comentarios, strings y Main', () => {
+  const source = `
+import kotlinx.coroutines.Dispatchers
+// withContext(Dispatchers.IO) { }
+val sample = "Dispatchers.Default"
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext(Dispatchers.Main) { }
+}
+`;
+  assert.equal(hasKotlinHardcodedBackgroundDispatcherUsage(source), false);
+});
 test('findKotlinPresentationSrpMatch devuelve payload semantico para SRP-Android en presentation', () => {
   const source = `
 import android.content.SharedPreferences

package/core/facts/detectors/text/android.ts CHANGED Viewed

@@ -255,6 +255,10 @@ const parseKotlinTypeDeclarations = (source: string): readonly KotlinTypeDeclara
   return declarations;
 };
+export const hasKotlinHardcodedBackgroundDispatcherUsage = (source: string): boolean => {
+  return collectKotlinRegexLines(source, /\bDispatchers\s*\.\s*(?:IO|Default)\b/).length > 0;
+};
 export const hasKotlinThreadSleepCall = (source: string): boolean => {
   return scanCodeLikeSource(source, ({ source: kotlinSource, index, current }) => {
     if (current !== 'T') {
@@ -331,6 +335,10 @@ export const hasKotlinManualCoroutineScopeInViewModelUsage = (source: string): b
   return false;
 };
+export const hasKotlinDispatcherMainBoundaryLeakUsage = (source: string): boolean => {
+  return collectKotlinRegexLines(source, /\bDispatchers\s*\.\s*Main\b/).length > 0;
+};
 export const findKotlinPresentationSrpMatch = (
   source: string
 ): KotlinPresentationSrpMatch | undefined => {

package/core/facts/extractHeuristicFacts.ts CHANGED Viewed

@@ -99,6 +99,14 @@ const isAndroidApplicationOrPresentationPath = (path: string): boolean => {
   return isAndroidKotlinPath(path) && (path.includes('/application/') || path.includes('/presentation/'));
 };
+const isAndroidDomainOrApplicationPath = (path: string): boolean => {
+  return isAndroidKotlinPath(path) && (path.includes('/domain/') || path.includes('/application/'));
+};
+const isAndroidNonPresentationKotlinPath = (path: string): boolean => {
+  return isAndroidKotlinPath(path) && !path.includes('/presentation/');
+};
 const isApprovedIOSBridgePath = (path: string): boolean => {
   const normalized = path.toLowerCase();
   return (
@@ -639,6 +647,8 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'android', pathCheck: isAndroidKotlinPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinRunBlockingUsage, ruleId: 'heuristics.android.run-blocking.ast', code: 'HEURISTICS_ANDROID_RUN_BLOCKING_AST', message: 'AST heuristic detected runBlocking usage in production Kotlin code.' },
   { platform: 'android', pathCheck: isAndroidPresentationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinLiveDataStateExposureUsage, ruleId: 'heuristics.android.flow.livedata-state-exposure.ast', code: 'HEURISTICS_ANDROID_FLOW_LIVEDATA_STATE_EXPOSURE_AST', message: 'AST heuristic detected LiveData state exposure in Android presentation code where StateFlow or SharedFlow should be preferred.' },
   { platform: 'android', pathCheck: isAndroidPresentationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinManualCoroutineScopeInViewModelUsage, ruleId: 'heuristics.android.coroutines.manual-scope-in-viewmodel.ast', code: 'HEURISTICS_ANDROID_COROUTINES_MANUAL_SCOPE_IN_VIEWMODEL_AST', message: 'AST heuristic detected manual CoroutineScope inside an Android ViewModel where viewModelScope should be preferred.' },
+  { platform: 'android', pathCheck: isAndroidNonPresentationKotlinPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinDispatcherMainBoundaryLeakUsage, ruleId: 'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast', code: 'HEURISTICS_ANDROID_COROUTINES_DISPATCHERS_MAIN_BOUNDARY_LEAK_AST', message: 'AST heuristic detected Dispatchers.Main outside Android presentation code.' },
+  { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinHardcodedBackgroundDispatcherUsage, ruleId: 'heuristics.android.coroutines.hardcoded-background-dispatcher.ast', code: 'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST', message: 'AST heuristic detected hard-coded Dispatchers.IO or Dispatchers.Default in Android domain/application code.' },
 ];
 const extractWorkflowHeuristicFacts = (

package/core/rules/presets/heuristics/android.test.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { androidRules } from './android';
 test('androidRules define reglas heurísticas locked para plataforma android', () => {
-  assert.equal(androidRules.length, 10);
+  assert.equal(androidRules.length, 12);
   const ids = androidRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -12,6 +12,8 @@ test('androidRules define reglas heurísticas locked para plataforma android', (
     'heuristics.android.run-blocking.ast',
     'heuristics.android.flow.livedata-state-exposure.ast',
     'heuristics.android.coroutines.manual-scope-in-viewmodel.ast',
+    'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast',
+    'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
     'heuristics.android.solid.srp.presentation-mixed-responsibilities.ast',
     'heuristics.android.solid.ocp.discriminator-branching.ast',
     'heuristics.android.solid.dip.concrete-framework-dependency.ast',
@@ -50,6 +52,14 @@ test('androidRules define reglas heurísticas locked para plataforma android', (
     byId.get('heuristics.android.coroutines.manual-scope-in-viewmodel.ast')?.then.code,
     'HEURISTICS_ANDROID_COROUTINES_MANUAL_SCOPE_IN_VIEWMODEL_AST'
   );
+  assert.equal(
+    byId.get('heuristics.android.coroutines.dispatchers-main-boundary-leak.ast')?.then.code,
+    'HEURISTICS_ANDROID_COROUTINES_DISPATCHERS_MAIN_BOUNDARY_LEAK_AST'
+  );
+  assert.equal(
+    byId.get('heuristics.android.coroutines.hardcoded-background-dispatcher.ast')?.then.code,
+    'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST'
+  );
   assert.equal(
     byId.get('heuristics.android.solid.srp.presentation-mixed-responsibilities.ast')?.then.code,
     'HEURISTICS_ANDROID_SOLID_SRP_PRESENTATION_MIXED_RESPONSIBILITIES_AST'

package/core/rules/presets/heuristics/android.ts CHANGED Viewed

@@ -95,6 +95,46 @@ export const androidRules: RuleSet = [
       code: 'HEURISTICS_ANDROID_COROUTINES_MANUAL_SCOPE_IN_VIEWMODEL_AST',
     },
   },
+  {
+    id: 'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast',
+    description:
+      'Detects Dispatchers.Main usage outside Android presentation code.',
+    severity: 'WARN',
+    platform: 'android',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected Dispatchers.Main outside Android presentation code.',
+      code: 'HEURISTICS_ANDROID_COROUTINES_DISPATCHERS_MAIN_BOUNDARY_LEAK_AST',
+    },
+  },
+  {
+    id: 'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
+    description:
+      'Detects hard-coded Dispatchers.IO or Dispatchers.Default usage in Android domain/application code.',
+    severity: 'WARN',
+    platform: 'android',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected hard-coded background dispatcher in Android domain/application code.',
+      code: 'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST',
+    },
+  },
   {
     id: 'heuristics.android.solid.srp.presentation-mixed-responsibilities.ast',
     description:

package/docs/codex-skills/android-enterprise-rules.md CHANGED Viewed

@@ -125,7 +125,8 @@ app/
 ### Enforcement AST inicial de coroutines Android
 ✅ `skills.android.guideline.android.coroutines-async-await-no-callbacks` debe mapear a señales ejecutables existentes de uso inseguro de coroutines, empezando por `GlobalScope` y `runBlocking`.
 ✅ `skills.android.guideline.android.viewmodelscope-scope-de-viewmodel-cancelado-automa-ticamente` debe mapear a señales ejecutables de scopes manuales dentro de `ViewModel`, empezando por `CoroutineScope(...)` construido en presentation.
-✅ El baseline inicial de coroutines es parcial: cubre APIs bloqueantes, scopes no estructurados y scopes manuales en `ViewModel`, pero no declara todavía cobertura completa de `Flow`, `supervisorScope`, dispatchers ni cancelación cooperativa.
+✅ `skills.android.guideline.android.dispatchers-main-ui-io-network-disk-default-cpu` debe mapear a señales ejecutables de dispatchers mal ubicados: `Dispatchers.Main` fuera de `presentation` y `Dispatchers.IO` / `Dispatchers.Default` hardcodeados en `domain` o `application` en lugar de entrar por frontera inyectable.
+✅ El baseline inicial de coroutines es parcial: cubre APIs bloqueantes, scopes no estructurados, scopes manuales en `ViewModel`, filtraciones de `Dispatchers.Main` y hardcode de dispatchers de background en dominio/aplicación, pero no declara todavía cobertura completa de `Flow`, `supervisorScope`, dispatchers ni cancelación cooperativa.
 ✅ Si se amplía esta cobertura, cada nueva regla debe aterrizar como detector AST/textual semántico con test dirigido antes de declararse cubierta en el registry.
 ### Enforcement AST inicial de Flow/StateFlow Android

package/integrations/config/skillsDetectorRegistry.ts CHANGED Viewed

@@ -224,6 +224,13 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
     'android.coroutines.viewmodel-scope',
     ['heuristics.android.coroutines.manual-scope-in-viewmodel.ast']
   ),
+  'skills.android.guideline.android.dispatchers-main-ui-io-network-disk-default-cpu': heuristicDetector(
+    'android.coroutines.dispatchers',
+    [
+      'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast',
+      'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
+    ]
+  ),
   'skills.android.guideline.android.stateflow-estado-mutable-observable': heuristicDetector(
     'android.flow.state-exposure',
     ['heuristics.android.flow.livedata-state-exposure.ast']

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.180",
+  "version": "6.3.182",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-12T19:46:23.268Z",
+  "generatedAt": "2026-05-12T20:34:49.636Z",
   "bundles": [
     {
       "name": "android-guidelines",