npm - @aiready/contract-enforcement - Versions diffs - 0.2.5 → 0.2.7 - Mend

@aiready/contract-enforcement 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.turbo/turbo-build.log +19 -18
package/.turbo/turbo-test.log +18 -16
package/dist/index.js +71 -44
package/dist/index.mjs +71 -44
package/package.json +2 -2
package/src/__tests__/detector.test.ts +13 -1
package/src/detector.ts +98 -61
package/src/provider.ts +16 -3

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,18 +1,19 @@
-> @aiready/contract-enforcement@0.2.5 build /Users/pengcao/projects/aiready/packages/contract-enforcement
-> tsup src/index.ts --format cjs,esm --dts
-CLI Building entry: src/index.ts
-CLI Using tsconfig: tsconfig.json
-CLI tsup v8.5.1
-CLI Target: es2020
-CJS Build start
-ESM Build start
-CJS dist/index.js 18.01 KB
-CJS ⚡️ Build success in 241ms
-ESM dist/index.mjs 16.58 KB
-ESM ⚡️ Build success in 241ms
-DTS Build start
-DTS ⚡️ Build success in 4082ms
-DTS dist/index.d.ts  2.45 KB
-DTS dist/index.d.mts 2.45 KB
+> @aiready/contract-enforcement@0.2.7 build /Users/pengcao/projects/aiready/packages/contract-enforcement
+> tsup src/index.ts --format cjs,esm --dts
+[34mCLI[39m Building entry: src/index.ts
+[34mCLI[39m Using tsconfig: tsconfig.json
+[34mCLI[39m tsup v8.5.1
+[34mCLI[39m Target: es2020
+[34mCJS[39m Build start
+[34mESM[39m Build start
+[32mCJS[39m [1mdist/index.js [22m[32m18.88 KB[39m
+[32mCJS[39m ⚡️ Build success in 64ms
+[32mESM[39m [1mdist/index.mjs [22m[32m17.44 KB[39m
+[32mESM[39m ⚡️ Build success in 64ms
+DTS Build start
+DTS ⚡️ Build success in 9740ms
+DTS dist/index.d.ts  2.45 KB
+DTS dist/index.d.mts 2.45 KB

package/.turbo/turbo-test.log CHANGED Viewed

@@ -1,16 +1,18 @@
-> @aiready/contract-enforcement@0.2.4 test /Users/pengcao/projects/aiready/packages/contract-enforcement
-> vitest run
-[1m[46m RUN [49m[22m [36mv4.1.1 [39m[90m/Users/pengcao/projects/aiready/packages/contract-enforcement[39m
- [32m✓[39m src/__tests__/scoring.test.ts [2m([22m[2m7 tests[22m[2m)[22m[32m 3[2mms[22m[39m
- [32m✓[39m src/__tests__/detector.test.ts [2m([22m[2m14 tests[22m[2m)[22m[32m 16[2mms[22m[39m
- [32m✓[39m src/__tests__/provider.test.ts [2m([22m[2m5 tests[22m[2m)[22m[32m 19[2mms[22m[39m
-[2m Test Files [22m [1m[32m3 passed[39m[22m[90m (3)[39m
-[2m      Tests [22m [1m[32m26 passed[39m[22m[90m (26)[39m
-[2m   Start at [22m 21:12:44
-[2m   Duration [22m 2.44s[2m (transform 1.37s, setup 0ms, import 4.00s, tests 38ms, environment 0ms)[22m
+> @aiready/contract-enforcement@0.2.6 test /Users/pengcao/projects/aiready/packages/contract-enforcement
+> vitest run
+[?25l
+[1m[46m RUN [49m[22m [36mv4.1.1 [39m[90m/Users/pengcao/projects/aiready/packages/contract-enforcement[39m
+ [32m✓[39m src/__tests__/scoring.test.ts [2m([22m[2m7 tests[22m[2m)[22m[32m 5[2mms[22m[39m
+ [32m✓[39m src/__tests__/provider.test.ts [2m([22m[2m5 tests[22m[2m)[22m[32m 4[2mms[22m[39m
+ [32m✓[39m src/__tests__/detector.test.ts [2m([22m[2m15 tests[22m[2m)[22m[32m 47[2mms[22m[39m
+[2m Test Files [22m [1m[32m3 passed[39m[22m[90m (3)[39m
+[2m      Tests [22m [1m[32m27 passed[39m[22m[90m (27)[39m
+[2m   Start at [22m 22:04:34
+[2m   Duration [22m 1.50s[2m (transform 687ms, setup 0ms, import 2.52s, tests 56ms, environment 0ms)[22m
+[?25h

package/dist/index.js CHANGED Viewed

@@ -109,7 +109,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -119,10 +118,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -145,9 +143,16 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console") {
+        const method = callee.property.type === "Identifier" ? callee.property.name : "";
+        if (method === "error" || method === "warn") return false;
+        return true;
+      }
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -193,9 +198,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -209,9 +214,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -226,9 +231,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -242,9 +247,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -259,9 +264,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -274,9 +279,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           import_core.Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -296,16 +301,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             import_core.Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -314,27 +322,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               import_core.Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            import_core.Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              import_core.Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -495,11 +509,24 @@ var ContractEnforcementProvider = (0, import_core3.createProvider)({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: import_core3.ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });

package/dist/index.mjs CHANGED Viewed

@@ -82,7 +82,6 @@ function countOptionalChainDepth(node) {
   return depth;
 }
 function isLiteral(node) {
-  if (!node) return false;
   if (node.type === "Literal") return true;
   if (node.type === "TemplateLiteral" && node.expressions.length === 0)
     return true;
@@ -92,10 +91,9 @@ function isLiteral(node) {
   return false;
 }
 function isProcessEnvAccess(node) {
-  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.name === "process" && node.object.property?.name === "env";
+  return node?.type === "MemberExpression" && node.object?.type === "MemberExpression" && node.object.object?.type === "Identifier" && node.object.object.name === "process" && node.object.property?.type === "Identifier" && node.object.property.name === "env";
 }
 function isSstResourceAccess(node) {
-  if (!node) return false;
   let current = node;
   if (current.type === "ChainExpression") {
     current = current.expression;
@@ -118,9 +116,16 @@ function isSwallowedCatch(body, filePath) {
     const stmt = body[0];
     if (stmt.type === "ExpressionStatement" && stmt.expression?.type === "CallExpression") {
       const callee = stmt.expression.callee;
-      if (callee?.object?.name === "console") return true;
+      if (callee?.type === "MemberExpression" && callee.object?.type === "Identifier" && callee.object.name === "console") {
+        const method = callee.property.type === "Identifier" ? callee.property.name : "";
+        if (method === "error" || method === "warn") return false;
+        return true;
+      }
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || "";
+        let calleeName = "";
+        if (callee?.type === "Identifier") calleeName = callee.name;
+        else if (callee?.type === "MemberExpression" && callee.property.type === "Identifier")
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false;
         }
@@ -166,9 +171,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as any` type assertion bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -182,9 +187,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "`as unknown` double-cast bypasses type safety",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -199,9 +204,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -215,9 +220,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Minor,
             "Nullish coalescing with literal default suggests missing upstream type guarantee",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -232,9 +237,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Major,
             "Error is swallowed in catch block \u2014 failures will be silent",
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -247,9 +252,9 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
           Severity.Minor,
           "Environment variable with fallback \u2014 use a validated env schema instead",
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -269,16 +274,19 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
             Severity.Info,
             "Guard clause could be eliminated with non-nullable type at source",
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
     }
     if ((node.type === "FunctionDeclaration" || node.type === "FunctionExpression" || node.type === "ArrowFunctionExpression") && node.params) {
       for (const param of node.params) {
-        const typeAnno = param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno;
+        if ("typeAnnotation" in param && param.typeAnnotation) {
+          typeAnno = param.typeAnnotation.typeAnnotation;
+        }
         if (typeAnno?.type === "TSAnyKeyword") {
           counts["any-parameter"]++;
           issues.push(
@@ -287,27 +295,33 @@ function detectDefensivePatterns(filePath, code, minChainDepth = 3) {
               Severity.Major,
               "Parameter typed as `any` bypasses type safety",
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno;
+      if ("returnType" in node && node.returnType) {
+        returnAnno = node.returnType.typeAnnotation;
+      }
       if (returnAnno?.type === "TSAnyKeyword") {
-        counts["any-return"]++;
-        issues.push(
-          makeIssue(
-            "any-return",
-            Severity.Major,
-            "Return type is `any` \u2014 callers cannot rely on the result shape",
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node;
+        if (fnNode.returnType?.loc) {
+          counts["any-return"]++;
+          issues.push(
+            makeIssue(
+              "any-return",
+              Severity.Major,
+              "Return type is `any` \u2014 callers cannot rely on the result shape",
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     for (const key in node) {
@@ -468,11 +482,24 @@ var ContractEnforcementProvider = createProvider({
   },
   score(output, _options) {
     const rawData = output.metadata?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
     );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: "medium"
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: []
+    };
   }
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiready/contract-enforcement",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "Measures structural type safety and boundary validation to reduce fallback cascades for AI agents",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -32,7 +32,7 @@
   "homepage": "https://github.com/caopengau/aiready-contract-enforcement",
   "dependencies": {
     "@typescript-eslint/typescript-estree": "^8.53.0",
-    "@aiready/core": "0.24.5"
+    "@aiready/core": "0.24.7"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/src/__tests__/detector.test.ts CHANGED Viewed

@@ -72,13 +72,25 @@ describe('detectDefensivePatterns', () => {
       try {
         doSomething();
       } catch (e) {
-        console.error(e);
+        console.log(e);
       }
     `;
     const result = detectDefensivePatterns(filePath, code);
     expect(result.counts['swallowed-error']).toBe(1);
   });
+  it('does not flag console.error as swallowed', () => {
+    const code = `
+      try {
+        doSomething();
+      } catch (e) {
+        console.error(e);
+      }
+    `;
+    const result = detectDefensivePatterns(filePath, code);
+    expect(result.counts['swallowed-error']).toBe(0);
+  });
   it('does not flag catch blocks with real handling', () => {
     const code = `
       try {

package/src/detector.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { parse } from '@typescript-eslint/typescript-estree';
+import { parse, TSESTree } from '@typescript-eslint/typescript-estree';
 import { Severity, IssueType } from '@aiready/core';
 import type {
   ContractEnforcementIssue,
@@ -56,9 +56,9 @@ function getLineContent(code: string, line: number): string {
   return (lines[line - 1] || '').trim().slice(0, 120);
 }
-function countOptionalChainDepth(node: any): number {
+function countOptionalChainDepth(node: TSESTree.Node): number {
   let depth = 0;
-  let current = node;
+  let current: TSESTree.Node | undefined = node;
   while (current) {
     if (current.type === 'MemberExpression' && current.optional) {
       depth++;
@@ -75,8 +75,7 @@ function countOptionalChainDepth(node: any): number {
   return depth;
 }
-function isLiteral(node: any): boolean {
-  if (!node) return false;
+function isLiteral(node: TSESTree.Node): boolean {
   if (node.type === 'Literal') return true;
   if (node.type === 'TemplateLiteral' && node.expressions.length === 0)
     return true;
@@ -89,18 +88,19 @@ function isLiteral(node: any): boolean {
   return false;
 }
-function isProcessEnvAccess(node: any): boolean {
+function isProcessEnvAccess(node: TSESTree.Node | undefined): boolean {
   return (
     node?.type === 'MemberExpression' &&
     node.object?.type === 'MemberExpression' &&
-    node.object.object?.name === 'process' &&
-    node.object.property?.name === 'env'
+    node.object.object?.type === 'Identifier' &&
+    node.object.object.name === 'process' &&
+    node.object.property?.type === 'Identifier' &&
+    node.object.property.name === 'env'
   );
 }
-function isSstResourceAccess(node: any): boolean {
-  if (!node) return false;
-  let current = node;
+function isSstResourceAccess(node: TSESTree.Node): boolean {
+  let current: TSESTree.Node = node;
   // Handle ChainExpression for optional chaining like Resource.MySecret?.value
   if (current.type === 'ChainExpression') {
     current = current.expression;
@@ -125,7 +125,10 @@ function isSstResourceAccess(node: any): boolean {
   return false;
 }
-function isSwallowedCatch(body: any[], filePath: string): boolean {
+function isSwallowedCatch(
+  body: TSESTree.Statement[],
+  filePath: string
+): boolean {
   if (body.length === 0) return true;
   // UI components often have intentional silent catches for telemetry/analytics
@@ -138,12 +141,28 @@ function isSwallowedCatch(body: any[], filePath: string): boolean {
       stmt.expression?.type === 'CallExpression'
     ) {
       const callee = stmt.expression.callee;
-      // console.log/warn/error is still considered "swallowed" but might be acceptable
-      if (callee?.object?.name === 'console') return true;
+      // console.error and console.warn are considered "handling" or at least "reporting"
+      if (
+        callee?.type === 'MemberExpression' &&
+        callee.object?.type === 'Identifier' &&
+        callee.object.name === 'console'
+      ) {
+        const method =
+          callee.property.type === 'Identifier' ? callee.property.name : '';
+        if (method === 'error' || method === 'warn') return false;
+        return true; // console.log/info/debug etc. are still considered "swallowed"
+      }
       // If it's a UI component and looks like telemetry, it's a false positive
       if (isUiComponent) {
-        const calleeName = callee?.name || callee?.property?.name || '';
+        let calleeName = '';
+        if (callee?.type === 'Identifier') calleeName = callee.name;
+        else if (
+          callee?.type === 'MemberExpression' &&
+          callee.property.type === 'Identifier'
+        )
+          calleeName = callee.property.name;
         if (/telemetry|analytics|track|logEvent/i.test(calleeName)) {
           return false; // Not "swallowed" in a bad way
         }
@@ -164,7 +183,7 @@ export function detectDefensivePatterns(
   const counts: PatternCounts = { ...ZERO_COUNTS };
   const totalLines = code.split('\n').length;
-  let ast: any;
+  let ast: TSESTree.Program;
   try {
     ast = parse(code, {
       filePath,
@@ -176,9 +195,9 @@ export function detectDefensivePatterns(
     return { issues, counts, totalLines };
   }
-  const nodesAtFunctionStart = new WeakSet<any>();
+  const nodesAtFunctionStart = new WeakSet<TSESTree.Node>();
-  function markFunctionParamNodes(node: any) {
+  function markFunctionParamNodes(node: TSESTree.Node) {
     if (
       node.type === 'FunctionDeclaration' ||
       node.type === 'FunctionExpression' ||
@@ -191,7 +210,11 @@ export function detectDefensivePatterns(
     }
   }
-  function visit(node: any, _parent?: any, _keyInParent?: string) {
+  function visit(
+    node: TSESTree.Node | undefined,
+    _parent?: TSESTree.Node,
+    _keyInParent?: string
+  ) {
     if (!node || typeof node !== 'object') return;
     markFunctionParamNodes(node);
@@ -213,9 +236,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as any` type assertion bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -238,9 +261,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             '`as unknown` double-cast bypasses type safety',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -257,9 +280,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             `Optional chain depth of ${depth} indicates missing structural guarantees`,
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -280,9 +303,9 @@ export function detectDefensivePatterns(
             Severity.Minor,
             'Nullish coalescing with literal default suggests missing upstream type guarantee',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -299,9 +322,9 @@ export function detectDefensivePatterns(
             Severity.Major,
             'Error is swallowed in catch block — failures will be silent',
             filePath,
-            node.handler.loc?.start.line ?? 0,
-            node.handler.loc?.start.column ?? 0,
-            getLineContent(code, node.handler.loc?.start.line ?? 0)
+            node.handler.loc.start.line,
+            node.handler.loc.start.column,
+            getLineContent(code, node.handler.loc.start.line)
           )
         );
       }
@@ -320,9 +343,9 @@ export function detectDefensivePatterns(
           Severity.Minor,
           'Environment variable with fallback — use a validated env schema instead',
           filePath,
-          node.loc?.start.line ?? 0,
-          node.loc?.start.column ?? 0,
-          getLineContent(code, node.loc?.start.line ?? 0)
+          node.loc.start.line,
+          node.loc.start.column,
+          getLineContent(code, node.loc.start.line)
         )
       );
     }
@@ -352,9 +375,9 @@ export function detectDefensivePatterns(
             Severity.Info,
             'Guard clause could be eliminated with non-nullable type at source',
             filePath,
-            node.loc?.start.line ?? 0,
-            node.loc?.start.column ?? 0,
-            getLineContent(code, node.loc?.start.line ?? 0)
+            node.loc.start.line,
+            node.loc.start.column,
+            getLineContent(code, node.loc.start.line)
           )
         );
       }
@@ -368,8 +391,14 @@ export function detectDefensivePatterns(
       node.params
     ) {
       for (const param of node.params) {
-        const typeAnno =
-          param.typeAnnotation?.typeAnnotation ?? param.typeAnnotation;
+        let typeAnno: TSESTree.TypeNode | undefined;
+        // Handle Identifier, AssignmentPattern, RestElement, etc.
+        if ('typeAnnotation' in param && param.typeAnnotation) {
+          typeAnno = (param.typeAnnotation as TSESTree.TSTypeAnnotation)
+            .typeAnnotation;
+        }
         if (typeAnno?.type === 'TSAnyKeyword') {
           counts['any-parameter']++;
           issues.push(
@@ -378,40 +407,48 @@ export function detectDefensivePatterns(
               Severity.Major,
               'Parameter typed as `any` bypasses type safety',
               filePath,
-              param.loc?.start.line ?? 0,
-              param.loc?.start.column ?? 0,
-              getLineContent(code, param.loc?.start.line ?? 0)
+              param.loc.start.line,
+              param.loc.start.column,
+              getLineContent(code, param.loc.start.line)
             )
           );
         }
       }
       // Pattern: any return type
-      const returnAnno = node.returnType?.typeAnnotation ?? node.returnType;
+      let returnAnno: TSESTree.TypeNode | undefined;
+      if ('returnType' in node && node.returnType) {
+        returnAnno = (node.returnType as TSESTree.TSTypeAnnotation)
+          .typeAnnotation;
+      }
       if (returnAnno?.type === 'TSAnyKeyword') {
-        counts['any-return']++;
-        issues.push(
-          makeIssue(
-            'any-return',
-            Severity.Major,
-            'Return type is `any` — callers cannot rely on the result shape',
-            filePath,
-            node.returnType?.loc?.start.line ?? 0,
-            node.returnType?.loc?.start.column ?? 0,
-            getLineContent(code, node.returnType?.loc?.start.line ?? 0)
-          )
-        );
+        const fnNode = node as TSESTree.FunctionDeclaration;
+        if (fnNode.returnType?.loc) {
+          counts['any-return']++;
+          issues.push(
+            makeIssue(
+              'any-return',
+              Severity.Major,
+              'Return type is `any` — callers cannot rely on the result shape',
+              filePath,
+              fnNode.returnType.loc.start.line,
+              fnNode.returnType.loc.start.column,
+              getLineContent(code, fnNode.returnType.loc.start.line)
+            )
+          );
+        }
       }
     }
     // Recurse
     for (const key in node) {
       if (key === 'loc' || key === 'range' || key === 'parent') continue;
-      const child = node[key];
+      const child = (node as Record<string, any>)[key];
       if (Array.isArray(child)) {
         for (const item of child) {
           if (item && typeof item.type === 'string') {
-            visit(item, node, key);
+            visit(item as TSESTree.Node, node, key);
           }
         }
       } else if (
@@ -419,7 +456,7 @@ export function detectDefensivePatterns(
         typeof child === 'object' &&
         typeof child.type === 'string'
       ) {
-        visit(child, node, key);
+        visit(child as TSESTree.Node, node, key);
       }
     }
   }

package/src/provider.ts CHANGED Viewed

@@ -30,11 +30,24 @@ export const ContractEnforcementProvider = createProvider({
   },
   score(output: SpokeOutput, _options: ScanOptions) {
-    const rawData = (output.metadata as any)?.rawData ?? {};
-    return calculateContractEnforcementScore(
+    const rawData = output.metadata?.rawData ?? {};
+    const result = calculateContractEnforcementScore(
       rawData,
       rawData.totalLines ?? 1,
       rawData.sourceFiles ?? 1
-    ) as any;
+    );
+    return {
+      toolName: ToolName.ContractEnforcement,
+      score: result.score,
+      rating: result.rating,
+      recommendations: result.recommendations.map((action) => ({
+        action,
+        estimatedImpact: 10,
+        priority: 'medium' as const,
+      })),
+      dimensions: result.dimensions,
+      rawMetrics: rawData,
+      factors: [],
+    };
   },
 });