@aiready/contract-enforcement 0.2.5 → 0.2.6

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @aiready/contract-enforcement@0.2.5 build /Users/pengcao/projects/aiready/packages/contract-enforcement
+> @aiready/contract-enforcement@0.2.6 build /Users/pengcao/projects/aiready/packages/contract-enforcement
 > tsup src/index.ts --format cjs,esm --dts
 
 CLI Building entry: src/index.ts
@@ -8,11 +8,11 @@ CLI tsup v8.5.1
 CLI Target: es2020
 CJS Build start
 ESM Build start
-CJS dist/index.js 18.01 KB
-CJS ⚡️ Build success in 241ms
-ESM dist/index.mjs 16.58 KB
-ESM ⚡️ Build success in 241ms
+ESM dist/index.mjs 17.28 KB
+ESM ⚡️ Build success in 37ms
+CJS dist/index.js 18.72 KB
+CJS ⚡️ Build success in 39ms
 DTS Build start
-DTS ⚡️ Build success in 4082ms
+DTS ⚡️ Build success in 4782ms
 DTS dist/index.d.ts  2.45 KB
 DTS dist/index.d.mts 2.45 KB

package/.turbo/turbo-test.log

@@ -1,16 +1,16 @@
 
-> @aiready/contract-enforcement@0.2.4 test /Users/pengcao/projects/aiready/packages/contract-enforcement
+> @aiready/contract-enforcement@0.2.5 test /Users/pengcao/projects/aiready/packages/contract-enforcement
 > vitest run
 
 
  RUN  v4.1.1 /Users/pengcao/projects/aiready/packages/contract-enforcement
 
  ✓ src/__tests__/scoring.test.ts (7 tests) 3ms
- ✓ src/__tests__/detector.test.ts (14 tests) 16ms
- ✓ src/__tests__/provider.test.ts (5 tests) 19ms
+ ✓ src/__tests__/detector.test.ts (14 tests) 105ms
+ ✓ src/__tests__/provider.test.ts (5 tests) 3ms
 
  Test Files  3 passed (3)
       Tests  26 passed (26)
-   Start at  21:12:44
-   Duration  2.44s (transform 1.37s, setup 0ms, import 4.00s, tests 38ms, environment 0ms)
+   Start at  20:27:25
+   Duration  4.35s (transform 1.54s, setup 0ms, import 6.86s, tests 111ms, environment 0ms)
 

package/dist/index.js

@@ -109,7 +109,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -119,10 +118,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -145,9 +143,13 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console")
+        return true;
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -193,9 +195,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -209,9 +211,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -226,9 +228,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -242,9 +244,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -259,9 +261,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -274,9 +276,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           import_core.Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -296,16 +298,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -314,27 +319,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               import_core.Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            import_core.Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              import_core.Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -495,11 +506,24 @@ var ContractEnforcementProvider = (0, import_core3.createProvider)({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: import_core3.ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });
 

package/dist/index.mjs

@@ -82,7 +82,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -92,10 +91,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -118,9 +116,13 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console")
+        return true;
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -166,9 +168,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -182,9 +184,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -199,9 +201,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -215,9 +217,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -232,9 +234,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -247,9 +249,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -269,16 +271,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -287,27 +292,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -468,11 +479,24 @@ var ContractEnforcementProvider = createProvider({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aiready/contract-enforcement",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "Measures structural type safety and boundary validation to reduce fallback cascades for AI agents",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -32,7 +32,7 @@
   "homepage": "https://github.com/caopengau/aiready-contract-enforcement",
   "dependencies": {
     "@typescript-eslint/typescript-estree": "^8.53.0",
-    "@aiready/core": "0.24.5"
+    "@aiready/core": "0.24.6"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/src/detector.ts

@@ -1,4 +1,4 @@
-import { parse } from '@typescript-eslint/typescript-estree';
+import { parse, TSESTree } from '@typescript-eslint/typescript-estree';
 import { Severity, IssueType } from '@aiready/core';
 import type {
   ContractEnforcementIssue,
@@ -56,9 +56,9 @@ function getLineContent(code: string, line: number): string {
   return (lines[line - 1] || '').trim().slice(0, 120);
 }
 
-function countOptionalChainDepth(node: any): number {
+function countOptionalChainDepth(node: TSESTree.Node): number {
   let depth = 0;
-  let current = node;
+  let current: TSESTree.Node | undefined = node;
   while (current) {
     if (current.type === 'MemberExpression' && current.optional) {
       depth++;
@@ -75,8 +75,7 @@ function countOptionalChainDepth(node: any): number {
   return depth;
 }
 
-function isLiteral(node: any): boolean {
-  if (!node) return false;
+function isLiteral(node: TSESTree.Node): boolean {
   if (node.type === 'Literal') return true;
   if (node.type === 'TemplateLiteral' && node.expressions.length === 0)
     return true;
@@ -89,18 +88,19 @@ function isLiteral(node: any): boolean {
   return false;
 }
 
-function isProcessEnvAccess(node: any): boolean {
+function isProcessEnvAccess(node: TSESTree.Node | undefined): boolean {
   return (
     node?.type === 'MemberExpression' &&
     node.object?.type === 'MemberExpression' &&
-    node.object.object?.name === 'process' &&
-    node.object.property?.name === 'env'
+    node.object.object?.type === 'Identifier' &&
+    node.object.object.name === 'process' &&
+    node.object.property?.type === 'Identifier' &&
+    node.object.property.name === 'env'
   );
 }
 
-function isSstResourceAccess(node: any): boolean {
-  if (!node) return false;
-  let current = node;
+function isSstResourceAccess(node: TSESTree.Node): boolean {
+  let current: TSESTree.Node = node;
   // Handle ChainExpression for optional chaining like Resource.MySecret?.value
   if (current.type === 'ChainExpression') {
     current = current.expression;
@@ -125,7 +125,10 @@ function isSstResourceAccess(node: any): boolean {
   return false;
 }
 
-function isSwallowedCatch(body: any[], filePath: string): boolean {
+function isSwallowedCatch(
+  body: TSESTree.Statement[],
+  filePath: string
+): boolean {
   if (body.length === 0) return true;
 
   // UI components often have intentional silent catches for telemetry/analytics
@@ -139,11 +142,23 @@ function isSwallowedCatch(body: any[], filePath: string): boolean {
     ) {
       const callee = stmt.expression.callee;
       // console.log/warn/error is still considered "swallowed" but might be acceptable
-      if (callee?.object?.name === 'console') return true;
+      if (
+        callee?.type === 'MemberExpression' &&
+        callee.object?.type === 'Identifier' &&
+        callee.object.name === 'console'
+      )
+        return true;
 
       // If it's a UI component and looks like telemetry, it's a false positive
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || '';
+        let calleeName = '';
+        if (callee?.type === 'Identifier') calleeName = callee.name;
+        else if (
+          callee?.type === 'MemberExpression' &&
+          callee.property.type === 'Identifier'
+        )
+          calleeName = callee.property.name;
+
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false; // Not "swallowed" in a bad way
         }
@@ -164,7 +179,7 @@ export function detectDefensivePatterns(
   const counts: PatternCounts = { ...ZERO_COUNTS };
   const totalLines = code.split('\n').length;
 
-  let ast: any;
+  let ast: TSESTree.Program;
   try {
     ast = parse(code, {
       filePath,
@@ -176,9 +191,9 @@ export function detectDefensivePatterns(
     return { issues, counts, totalLines };
   }
 
-  const nodesAtFunctionStart = new WeakSet<any>();
+  const nodesAtFunctionStart = new WeakSet<TSESTree.Node>();
 
-  function markFunctionParamNodes(node: any) {
+  function markFunctionParamNodes(node: TSESTree.Node) {
     if (
       node.type === 'FunctionDeclaration' ||
       node.type === 'FunctionExpression' ||
@@ -191,7 +206,11 @@ export function detectDefensivePatterns(
     }
   }
 
-  function visit(node: any, _parent?: any, _keyInParent?: string) {
+  function visit(
+    node: TSESTree.Node | undefined,
+    _parent?: TSESTree.Node,
+    _keyInParent?: string
+  ) {
     if (!node || typeof node !== 'object') return;
 
     markFunctionParamNodes(node);
@@ -213,9 +232,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as any` type assertion bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -238,9 +257,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as unknown` double-cast bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -257,9 +276,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -280,9 +299,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             'Nullish coalescing with literal default suggests missing upstream type guarantee',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -299,9 +318,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             'Error is swallowed in catch block — failures will be silent',
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -320,9 +339,9 @@ export function detectDefensivePatterns(
           Severity.Minor,
           'Environment variable with fallback — use a validated env schema instead',
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -352,9 +371,9 @@ export function detectDefensivePatterns(
             Severity.Info,
             'Guard clause could be eliminated with non-nullable type at source',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -368,8 +387,14 @@ export function detectDefensivePatterns(
       node.params
     ) {
       for (const param of node.params) {
-        const typeAnno =
-          param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno: TSESTree.TypeNode | undefined;
+
+        // Handle Identifier, AssignmentPattern, RestElement, etc.
+        if ('typeAnnotation' in param && param.typeAnnotation) {
+          typeAnno = (param.typeAnnotation as TSESTree.TSTypeAnnotation)
+            .typeAnnotation;
+        }
+
         if (typeAnno?.type === 'TSAnyKeyword') {
           counts['any-parameter']++;
           issues.push(
@@ -378,40 +403,48 @@ export function detectDefensivePatterns(
               Severity.Major,
               'Parameter typed as `any` bypasses type safety',
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
 
       // Pattern: any return type
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno: TSESTree.TypeNode | undefined;
+      if ('returnType' in node && node.returnType) {
+        returnAnno = (node.returnType as TSESTree.TSTypeAnnotation)
+          .typeAnnotation;
+      }
+
       if (returnAnno?.type === 'TSAnyKeyword') {
-        counts['any-return']++;
-        issues.push(
-          makeIssue(
-            'any-return',
-            Severity.Major,
-            'Return type is `any` — callers cannot rely on the result shape',
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node as TSESTree.FunctionDeclaration;
+        if (fnNode.returnType?.loc) {
+          counts['any-return']++;
+          issues.push(
+            makeIssue(
+              'any-return',
+              Severity.Major,
+              'Return type is `any` — callers cannot rely on the result shape',
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
 
     // Recurse
     for (const key in node) {
       if (key === 'loc' || key === 'range' || key === 'parent') continue;
-      const child = node[key];
+      const child = (node as Record<string, any>)[key];
       if (Array.isArray(child)) {
         for (const item of child) {
           if (item && typeof item.type === 'string') {
-            visit(item, node, key);
+            visit(item as TSESTree.Node, node, key);
           }
         }
       } else if (
@@ -419,7 +452,7 @@ export function detectDefensivePatterns(
         typeof child === 'object' &&
         typeof child.type === 'string'
       ) {
-        visit(child, node, key);
+        visit(child as TSESTree.Node, node, key);
       }
     }
   }

package/src/provider.ts

@@ -30,11 +30,24 @@ export const ContractEnforcementProvider = createProvider({
   },
 
   score(output: SpokeOutput, _options: ScanOptions) {
-    const rawData = (output.metadata as any)?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const rawData = output.metadata?.rawData ?? {};
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
-    ) as any;
+    );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: 'medium' as const,
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: [],
+    };
   },
 });