npm - @aiready/contract-enforcement - Versions diffs - 0.2.4 → 0.2.6 - Mend

@aiready/contract-enforcement 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @aiready/contract-enforcement@0.2.4 build /Users/pengcao/projects/aiready/packages/contract-enforcement
+> @aiready/contract-enforcement@0.2.6 build /Users/pengcao/projects/aiready/packages/contract-enforcement
 > tsup src/index.ts --format cjs,esm --dts
 CLI Building entry: src/index.ts
@@ -8,11 +8,11 @@ CLI tsup v8.5.1
 CLI Target: es2020
 CJS Build start
 ESM Build start
-ESM dist/index.mjs 16.58 KB
-ESM ⚡️ Build success in 72ms
-CJS dist/index.js 18.01 KB
-CJS ⚡️ Build success in 72ms
+ESM dist/index.mjs 17.28 KB
+ESM ⚡️ Build success in 37ms
+CJS dist/index.js 18.72 KB
+CJS ⚡️ Build success in 39ms
 DTS Build start
-DTS ⚡️ Build success in 1722ms
+DTS ⚡️ Build success in 4782ms
 DTS dist/index.d.ts  2.45 KB
 DTS dist/index.d.mts 2.45 KB

package/.turbo/turbo-test.log CHANGED Viewed

@@ -1,16 +1,16 @@
-> @aiready/contract-enforcement@0.2.3 test /Users/pengcao/projects/aiready/packages/contract-enforcement
+> @aiready/contract-enforcement@0.2.5 test /Users/pengcao/projects/aiready/packages/contract-enforcement
 > vitest run
 [1m[46m RUN [49m[22m [36mv4.1.1 [39m[90m/Users/pengcao/projects/aiready/packages/contract-enforcement[39m
- [32m✓[39m src/__tests__/scoring.test.ts [2m([22m[2m7 tests[22m[2m)[22m[32m 6[2mms[22m[39m
- [32m✓[39m src/__tests__/detector.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 63[2mms[22m[39m
- [32m✓[39m src/__tests__/provider.test.ts [2m([22m[2m5 tests[22m[2m)[22m[32m 2[2mms[22m[39m
+ [32m✓[39m src/__tests__/scoring.test.ts [2m([22m[2m7 tests[22m[2m)[22m[32m 3[2mms[22m[39m
+ [32m✓[39m src/__tests__/detector.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 105[2mms[22m[39m
+ [32m✓[39m src/__tests__/provider.test.ts [2m([22m[2m5 tests[22m[2m)[22m[32m 3[2mms[22m[39m
 [2m Test Files [22m [1m[32m3 passed[39m[22m[90m (3)[39m
 [2m      Tests [22m [1m[32m26 passed[39m[22m[90m (26)[39m
-[2m   Start at [22m 18:34:10
-[2m   Duration [22m 3.24s[2m (transform 1.43s, setup 0ms, import 5.20s, tests 72ms, environment 0ms)[22m
+[2m   Start at [22m 20:27:25
+[2m   Duration [22m 4.35s[2m (transform 1.54s, setup 0ms, import 6.86s, tests 111ms, environment 0ms)[22m

package/dist/index.js CHANGED Viewed

@@ -109,7 +109,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -119,10 +118,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -145,9 +143,13 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console")
+        return true;
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -193,9 +195,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -209,9 +211,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -226,9 +228,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -242,9 +244,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -259,9 +261,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -274,9 +276,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           import_core.Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -296,16 +298,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -314,27 +319,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               import_core.Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            import_core.Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              import_core.Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -495,11 +506,24 @@ var ContractEnforcementProvider = (0, import_core3.createProvider)({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: import_core3.ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });

package/dist/index.mjs CHANGED Viewed

@@ -82,7 +82,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -92,10 +91,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -118,9 +116,13 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console")
+        return true;
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -166,9 +168,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -182,9 +184,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -199,9 +201,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -215,9 +217,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -232,9 +234,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -247,9 +249,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -269,16 +271,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -287,27 +292,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -468,11 +479,24 @@ var ContractEnforcementProvider = createProvider({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiready/contract-enforcement",
-  "version": "0.2.4",
+  "version": "0.2.6",
   "description": "Measures structural type safety and boundary validation to reduce fallback cascades for AI agents",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -32,7 +32,7 @@
   "homepage": "https://github.com/caopengau/aiready-contract-enforcement",
   "dependencies": {
     "@typescript-eslint/typescript-estree": "^8.53.0",
-    "@aiready/core": "0.24.4"
+    "@aiready/core": "0.24.6"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/src/detector.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { parse } from '@typescript-eslint/typescript-estree';
+import { parse, TSESTree } from '@typescript-eslint/typescript-estree';
 import { Severity, IssueType } from '@aiready/core';
 import type {
   ContractEnforcementIssue,
@@ -56,9 +56,9 @@ function getLineContent(code: string, line: number): string {
   return (lines[line - 1] || '').trim().slice(0, 120);
 }
-function countOptionalChainDepth(node: any): number {
+function countOptionalChainDepth(node: TSESTree.Node): number {
   let depth = 0;
-  let current = node;
+  let current: TSESTree.Node | undefined = node;
   while (current) {
     if (current.type === 'MemberExpression' && current.optional) {
       depth++;
@@ -75,8 +75,7 @@ function countOptionalChainDepth(node: any): number {
   return depth;
 }
-function isLiteral(node: any): boolean {
-  if (!node) return false;
+function isLiteral(node: TSESTree.Node): boolean {
   if (node.type === 'Literal') return true;
   if (node.type === 'TemplateLiteral' && node.expressions.length === 0)
     return true;
@@ -89,18 +88,19 @@ function isLiteral(node: any): boolean {
   return false;
 }
-function isProcessEnvAccess(node: any): boolean {
+function isProcessEnvAccess(node: TSESTree.Node | undefined): boolean {
   return (
     node?.type === 'MemberExpression' &&
     node.object?.type === 'MemberExpression' &&
-    node.object.object?.name === 'process' &&
-    node.object.property?.name === 'env'
+    node.object.object?.type === 'Identifier' &&
+    node.object.object.name === 'process' &&
+    node.object.property?.type === 'Identifier' &&
+    node.object.property.name === 'env'
   );
 }
-function isSstResourceAccess(node: any): boolean {
-  if (!node) return false;
-  let current = node;
+function isSstResourceAccess(node: TSESTree.Node): boolean {
+  let current: TSESTree.Node = node;
   // Handle ChainExpression for optional chaining like Resource.MySecret?.value
   if (current.type === 'ChainExpression') {
     current = current.expression;
@@ -125,7 +125,10 @@ function isSstResourceAccess(node: any): boolean {
   return false;
 }
-function isSwallowedCatch(body: any[], filePath: string): boolean {
+function isSwallowedCatch(
+  body: TSESTree.Statement[],
+  filePath: string
+): boolean {
   if (body.length === 0) return true;
   // UI components often have intentional silent catches for telemetry/analytics
@@ -139,11 +142,23 @@ function isSwallowedCatch(body: any[], filePath: string): boolean {
     ) {
       const callee = stmt.expression.callee;
       // console.log/warn/error is still considered "swallowed" but might be acceptable
-      if (callee?.object?.name === 'console') return true;
+      if (
+        callee?.type === 'MemberExpression' &&
+        callee.object?.type === 'Identifier' &&
+        callee.object.name === 'console'
+      )
+        return true;
       // If it's a UI component and looks like telemetry, it's a false positive
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || '';
+        let calleeName = '';
+        if (callee?.type === 'Identifier') calleeName = callee.name;
+        else if (
+          callee?.type === 'MemberExpression' &&
+          callee.property.type === 'Identifier'
+        )
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false; // Not "swallowed" in a bad way
         }
@@ -164,7 +179,7 @@ export function detectDefensivePatterns(
   const counts: PatternCounts = { ...ZERO_COUNTS };
   const totalLines = code.split('\n').length;
-  let ast: any;
+  let ast: TSESTree.Program;
   try {
     ast = parse(code, {
       filePath,
@@ -176,9 +191,9 @@ export function detectDefensivePatterns(
     return { issues, counts, totalLines };
   }
-  const nodesAtFunctionStart = new WeakSet<any>();
+  const nodesAtFunctionStart = new WeakSet<TSESTree.Node>();
-  function markFunctionParamNodes(node: any) {
+  function markFunctionParamNodes(node: TSESTree.Node) {
     if (
       node.type === 'FunctionDeclaration' ||
       node.type === 'FunctionExpression' ||
@@ -191,7 +206,11 @@ export function detectDefensivePatterns(
     }
   }
-  function visit(node: any, _parent?: any, _keyInParent?: string) {
+  function visit(
+    node: TSESTree.Node | undefined,
+    _parent?: TSESTree.Node,
+    _keyInParent?: string
+  ) {
     if (!node || typeof node !== 'object') return;
     markFunctionParamNodes(node);
@@ -213,9 +232,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as any` type assertion bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -238,9 +257,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as unknown` double-cast bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -257,9 +276,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -280,9 +299,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             'Nullish coalescing with literal default suggests missing upstream type guarantee',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -299,9 +318,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             'Error is swallowed in catch block — failures will be silent',
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -320,9 +339,9 @@ export function detectDefensivePatterns(
           Severity.Minor,
           'Environment variable with fallback — use a validated env schema instead',
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -352,9 +371,9 @@ export function detectDefensivePatterns(
             Severity.Info,
             'Guard clause could be eliminated with non-nullable type at source',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -368,8 +387,14 @@ export function detectDefensivePatterns(
       node.params
     ) {
       for (const param of node.params) {
-        const typeAnno =
-          param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno: TSESTree.TypeNode | undefined;
+        // Handle Identifier, AssignmentPattern, RestElement, etc.
+        if ('typeAnnotation' in param && param.typeAnnotation) {
+          typeAnno = (param.typeAnnotation as TSESTree.TSTypeAnnotation)
+            .typeAnnotation;
+        }
         if (typeAnno?.type === 'TSAnyKeyword') {
           counts['any-parameter']++;
           issues.push(
@@ -378,40 +403,48 @@ export function detectDefensivePatterns(
               Severity.Major,
               'Parameter typed as `any` bypasses type safety',
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
       // Pattern: any return type
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno: TSESTree.TypeNode | undefined;
+      if ('returnType' in node && node.returnType) {
+        returnAnno = (node.returnType as TSESTree.TSTypeAnnotation)
+          .typeAnnotation;
+      }
       if (returnAnno?.type === 'TSAnyKeyword') {
-        counts['any-return']++;
-        issues.push(
-          makeIssue(
-            'any-return',
-            Severity.Major,
-            'Return type is `any` — callers cannot rely on the result shape',
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node as TSESTree.FunctionDeclaration;
+        if (fnNode.returnType?.loc) {
+          counts['any-return']++;
+          issues.push(
+            makeIssue(
+              'any-return',
+              Severity.Major,
+              'Return type is `any` — callers cannot rely on the result shape',
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     // Recurse
     for (const key in node) {
       if (key === 'loc' || key === 'range' || key === 'parent') continue;
-      const child = node[key];
+      const child = (node as Record<string, any>)[key];
       if (Array.isArray(child)) {
         for (const item of child) {
           if (item && typeof item.type === 'string') {
-            visit(item, node, key);
+            visit(item as TSESTree.Node, node, key);
           }
         }
       } else if (
@@ -419,7 +452,7 @@ export function detectDefensivePatterns(
         typeof child === 'object' &&
         typeof child.type === 'string'
       ) {
-        visit(child, node, key);
+        visit(child as TSESTree.Node, node, key);
       }
     }
   }

package/src/provider.ts CHANGED Viewed

@@ -30,11 +30,24 @@ export const ContractEnforcementProvider = createProvider({
   },
   score(output: SpokeOutput, _options: ScanOptions) {
-    const rawData = (output.metadata as any)?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const rawData = output.metadata?.rawData ?? {};
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
-    ) as any;
+    );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: 'medium' as const,
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: [],
+    };
   },
 });