pumuki 6.3.184 → 6.3.186

package/VERSION

@@ -1 +1 @@
-v6.3.184
+v6.3.186

package/core/facts/detectors/text/android.test.ts

@@ -11,6 +11,8 @@ import {
   hasKotlinGlobalScopeUsage,
   hasKotlinHardcodedBackgroundDispatcherUsage,
   hasKotlinLiveDataStateExposureUsage,
+  hasKotlinLifecycleScopeUsage,
+  hasKotlinWithContextUsage,
   hasKotlinManualCoroutineScopeInViewModelUsage,
   hasKotlinRunBlockingUsage,
   hasKotlinSupervisorScopeUsage,
@@ -193,6 +195,58 @@ class SyncOrdersUseCase {
   assert.equal(hasKotlinHardcodedBackgroundDispatcherUsage(source), false);
 });
 
+test('hasKotlinWithContextUsage detecta withContext con dispatcher y con generics', () => {
+  const dispatcherSource = `
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext(Dispatchers.IO) { syncRemote() }
+}
+`;
+  const genericSource = `
+class SyncOrdersUseCase {
+  suspend fun execute() = withContext<Unit>(dispatcher) { syncRemote() }
+}
+`;
+  assert.equal(hasKotlinWithContextUsage(dispatcherSource), true);
+  assert.equal(hasKotlinWithContextUsage(genericSource), true);
+});
+
+test('hasKotlinWithContextUsage ignora imports, comentarios, strings y nombres parciales', () => {
+  const source = `
+import kotlinx.coroutines.withContext
+// withContext(Dispatchers.IO) { }
+val sample = "withContext(Dispatchers.Default)"
+class SyncOrdersUseCase {
+  suspend fun execute() = customWithContext(dispatcher) { syncRemote() }
+}
+`;
+  assert.equal(hasKotlinWithContextUsage(source), false);
+});
+
+test('hasKotlinLifecycleScopeUsage detecta lifecycleScope con llamadas encadenadas', () => {
+  const source = `
+class SyncOrdersUseCase {
+  fun execute() {
+    lifecycleScope.launch { syncRemote() }
+  }
+}
+`;
+  assert.equal(hasKotlinLifecycleScopeUsage(source), true);
+});
+
+test('hasKotlinLifecycleScopeUsage ignora imports, comentarios, strings y nombres parciales', () => {
+  const source = `
+import androidx.lifecycle.lifecycleScope
+// lifecycleScope.launch { syncRemote() }
+val sample = "lifecycleScope.launch { syncRemote() }"
+class SyncOrdersUseCase {
+  fun execute() {
+    customLifecycleScope.launch { syncRemote() }
+  }
+}
+`;
+  assert.equal(hasKotlinLifecycleScopeUsage(source), false);
+});
+
 test('hasKotlinSupervisorScopeUsage detecta supervisorScope con parentesis y llaves', () => {
   const parenthesesSource = `
 class SyncOrdersUseCase {

package/core/facts/detectors/text/android.ts

@@ -259,6 +259,14 @@ export const hasKotlinHardcodedBackgroundDispatcherUsage = (source: string): boo
   return collectKotlinRegexLines(source, /\bDispatchers\s*\.\s*(?:IO|Default)\b/).length > 0;
 };
 
+export const hasKotlinWithContextUsage = (source: string): boolean => {
+  return collectKotlinRegexLines(source, /\bwithContext\s*(?:<[^>\n]+>\s*)?\(/).length > 0;
+};
+
+export const hasKotlinLifecycleScopeUsage = (source: string): boolean => {
+  return collectKotlinRegexLines(source, /\blifecycleScope\s*\./).length > 0;
+};
+
 export const hasKotlinSupervisorScopeUsage = (source: string): boolean => {
   return collectKotlinRegexLines(source, /\bsupervisorScope\s*(?:<[^>\n]+>\s*)?(?:\(|\{)/).length > 0;
 };

package/core/facts/extractHeuristicFacts.ts

@@ -649,6 +649,8 @@ const textDetectorRegistry: ReadonlyArray<TextDetectorRegistryEntry> = [
   { platform: 'android', pathCheck: isAndroidPresentationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinManualCoroutineScopeInViewModelUsage, ruleId: 'heuristics.android.coroutines.manual-scope-in-viewmodel.ast', code: 'HEURISTICS_ANDROID_COROUTINES_MANUAL_SCOPE_IN_VIEWMODEL_AST', message: 'AST heuristic detected manual CoroutineScope inside an Android ViewModel where viewModelScope should be preferred.' },
   { platform: 'android', pathCheck: isAndroidNonPresentationKotlinPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinDispatcherMainBoundaryLeakUsage, ruleId: 'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast', code: 'HEURISTICS_ANDROID_COROUTINES_DISPATCHERS_MAIN_BOUNDARY_LEAK_AST', message: 'AST heuristic detected Dispatchers.Main outside Android presentation code.' },
   { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinHardcodedBackgroundDispatcherUsage, ruleId: 'heuristics.android.coroutines.hardcoded-background-dispatcher.ast', code: 'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST', message: 'AST heuristic detected hard-coded Dispatchers.IO or Dispatchers.Default in Android domain/application code.' },
+  { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinWithContextUsage, ruleId: 'heuristics.android.coroutines.with-context.ast', code: 'HEURISTICS_ANDROID_COROUTINES_WITH_CONTEXT_AST', message: 'AST heuristic detected withContext usage in Android domain/application code.' },
+  { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinLifecycleScopeUsage, ruleId: 'heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast', code: 'HEURISTICS_ANDROID_COROUTINES_LIFECYCLE_SCOPE_BOUNDARY_LEAK_AST', message: 'AST heuristic detected lifecycleScope usage in Android domain/application code.' },
   { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinSupervisorScopeUsage, ruleId: 'heuristics.android.coroutines.supervisor-scope.ast', code: 'HEURISTICS_ANDROID_COROUTINES_SUPERVISOR_SCOPE_AST', message: 'AST heuristic detected supervisorScope usage in Android domain/application code.' },
   { platform: 'android', pathCheck: isAndroidDomainOrApplicationPath, excludePaths: [isKotlinTestPath], detect: TextAndroid.hasKotlinCoroutineTryCatchUsage, ruleId: 'heuristics.android.coroutines.try-catch.ast', code: 'HEURISTICS_ANDROID_COROUTINES_TRY_CATCH_AST', message: 'AST heuristic detected try-catch handling in Android coroutine code.' },
 ];

package/core/rules/presets/heuristics/android.test.ts

@@ -3,7 +3,7 @@ import test from 'node:test';
 import { androidRules } from './android';
 
 test('androidRules define reglas heurísticas locked para plataforma android', () => {
-  assert.equal(androidRules.length, 14);
+  assert.equal(androidRules.length, 16);
 
   const ids = androidRules.map((rule) => rule.id);
   assert.deepEqual(ids, [
@@ -14,6 +14,8 @@ test('androidRules define reglas heurísticas locked para plataforma android', (
     'heuristics.android.coroutines.manual-scope-in-viewmodel.ast',
     'heuristics.android.coroutines.dispatchers-main-boundary-leak.ast',
     'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
+    'heuristics.android.coroutines.with-context.ast',
+    'heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast',
     'heuristics.android.coroutines.supervisor-scope.ast',
     'heuristics.android.coroutines.try-catch.ast',
     'heuristics.android.solid.srp.presentation-mixed-responsibilities.ast',
@@ -62,6 +64,14 @@ test('androidRules define reglas heurísticas locked para plataforma android', (
     byId.get('heuristics.android.coroutines.hardcoded-background-dispatcher.ast')?.then.code,
     'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST'
   );
+  assert.equal(
+    byId.get('heuristics.android.coroutines.with-context.ast')?.then.code,
+    'HEURISTICS_ANDROID_COROUTINES_WITH_CONTEXT_AST'
+  );
+  assert.equal(
+    byId.get('heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast')?.then.code,
+    'HEURISTICS_ANDROID_COROUTINES_LIFECYCLE_SCOPE_BOUNDARY_LEAK_AST'
+  );
   assert.equal(
     byId.get('heuristics.android.coroutines.supervisor-scope.ast')?.then.code,
     'HEURISTICS_ANDROID_COROUTINES_SUPERVISOR_SCOPE_AST'

package/core/rules/presets/heuristics/android.ts

@@ -135,6 +135,46 @@ export const androidRules: RuleSet = [
       code: 'HEURISTICS_ANDROID_COROUTINES_HARDCODED_BACKGROUND_DISPATCHER_AST',
     },
   },
+  {
+    id: 'heuristics.android.coroutines.with-context.ast',
+    description:
+      'Detects withContext usage in Android domain/application code.',
+    severity: 'WARN',
+    platform: 'android',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.android.coroutines.with-context.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected withContext usage in Android domain/application code.',
+      code: 'HEURISTICS_ANDROID_COROUTINES_WITH_CONTEXT_AST',
+    },
+  },
+  {
+    id: 'heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast',
+    description:
+      'Detects lifecycleScope usage in Android domain/application code where lifecycle ownership belongs to UI lifecycle owners.',
+    severity: 'WARN',
+    platform: 'android',
+    locked: true,
+    when: {
+      kind: 'Heuristic',
+      where: {
+        ruleId: 'heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast',
+      },
+    },
+    then: {
+      kind: 'Finding',
+      message:
+        'AST heuristic detected lifecycleScope usage in Android domain/application code.',
+      code: 'HEURISTICS_ANDROID_COROUTINES_LIFECYCLE_SCOPE_BOUNDARY_LEAK_AST',
+    },
+  },
   {
     id: 'heuristics.android.coroutines.supervisor-scope.ast',
     description:

package/docs/codex-skills/android-enterprise-rules.md

@@ -126,9 +126,11 @@ app/
 ✅ `skills.android.guideline.android.coroutines-async-await-no-callbacks` debe mapear a señales ejecutables existentes de uso inseguro de coroutines, empezando por `GlobalScope` y `runBlocking`.
 ✅ `skills.android.guideline.android.viewmodelscope-scope-de-viewmodel-cancelado-automa-ticamente` debe mapear a señales ejecutables de scopes manuales dentro de `ViewModel`, empezando por `CoroutineScope(...)` construido en presentation.
 ✅ `skills.android.guideline.android.dispatchers-main-ui-io-network-disk-default-cpu` debe mapear a señales ejecutables de dispatchers mal ubicados: `Dispatchers.Main` fuera de `presentation` y `Dispatchers.IO` / `Dispatchers.Default` hardcodeados en `domain` o `application` en lugar de entrar por frontera inyectable.
+✅ `skills.android.guideline.android.withcontext-cambiar-dispatcher` debe mapear a señal ejecutable de `withContext` en `domain` o `application`.
+✅ `skills.android.guideline.android.lifecyclescope-scope-de-activity-fragment` debe mapear a señal ejecutable de `lifecycleScope` fuera de la capa UI, empezando por `domain` o `application`.
 ✅ `skills.android.guideline.android.supervisorscope-errores-no-cancelan-otros-jobs` debe mapear a señal ejecutable de `supervisorScope` en `domain` o `application`.
 ✅ `skills.android.guideline.android.try-catch-manejo-de-errores-en-coroutines` debe mapear a señal ejecutable de `try/catch` dentro de código coroutine en `domain` o `application`.
-✅ El baseline inicial de coroutines es parcial: cubre APIs bloqueantes, scopes no estructurados, scopes manuales en `ViewModel`, filtraciones de `Dispatchers.Main`, hardcode de dispatchers de background en dominio/aplicación, `supervisorScope` y `try/catch` en coroutines, pero no declara todavía cobertura completa de `Flow`, dispatchers ni cancelación cooperativa.
+✅ El baseline inicial de coroutines es parcial: cubre APIs bloqueantes, scopes no estructurados, scopes manuales en `ViewModel`, filtraciones de `Dispatchers.Main`, hardcode de dispatchers de background en dominio/aplicación, `withContext`, fuga de `lifecycleScope`, `supervisorScope` y `try/catch` en coroutines, pero no declara todavía cobertura completa de `Flow`, dispatchers ni cancelación cooperativa.
 ✅ Si se amplía esta cobertura, cada nueva regla debe aterrizar como detector AST/textual semántico con test dirigido antes de declararse cubierta en el registry.
 
 ### Enforcement AST inicial de Flow/StateFlow Android

package/integrations/config/skillsDetectorRegistry.ts

@@ -231,6 +231,14 @@ const registryByRuleId: Record<string, SkillsDetectorBinding> = {
       'heuristics.android.coroutines.hardcoded-background-dispatcher.ast',
     ]
   ),
+  'skills.android.guideline.android.withcontext-cambiar-dispatcher': heuristicDetector(
+    'android.coroutines.with-context',
+    ['heuristics.android.coroutines.with-context.ast']
+  ),
+  'skills.android.guideline.android.lifecyclescope-scope-de-activity-fragment': heuristicDetector(
+    'android.coroutines.lifecycle-scope',
+    ['heuristics.android.coroutines.lifecycle-scope-boundary-leak.ast']
+  ),
   'skills.android.guideline.android.supervisorscope-errores-no-cancelan-otros-jobs': heuristicDetector(
     'android.coroutines.supervisor-scope',
     ['heuristics.android.coroutines.supervisor-scope.ast']

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pumuki",
-  "version": "6.3.184",
+  "version": "6.3.186",
   "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
   "main": "index.js",
   "bin": {

package/skills.lock.json

@@ -1,7 +1,7 @@
 {
   "version": "1.0",
   "compilerVersion": "1.0.0",
-  "generatedAt": "2026-05-12T20:47:37.241Z",
+  "generatedAt": "2026-05-12T21:00:49.435Z",
   "bundles": [
     {
       "name": "android-guidelines",