claude-crap 0.1.2

package/src/metrics/crap.ts

@@ -0,0 +1,101 @@
+/**
+ * CRAP (Change Risk Anti-Patterns) index — deterministic computation.
+ *
+ * The CRAP index is a single number that summarizes how dangerous it is
+ * to change a given function. It combines two signals:
+ *
+ *   1. Cyclomatic complexity (`comp`) — how many independent paths the
+ *      function has. Tracks how easy it is to reason about the code.
+ *   2. Test coverage percentage (`cov`) — empirical safety net provided
+ *      by the automated test suite.
+ *
+ * The formula (see docs/quality-gate.md) is:
+ *
+ *     CRAP(m) = comp(m)² × (1 − cov(m)/100)³ + comp(m)
+ *
+ * The cubic uncovered-weight term makes CRAP punish uncovered, branchy
+ * code extremely aggressively. A function with complexity 10 and 0%
+ * coverage scores CRAP = 10² × 1³ + 10 = 110, well above the 30 threshold.
+ *
+ * The additive `+ comp(m)` tail is intentional: it means that any function
+ * with `comp ≥ 30` can NEVER reach a passing CRAP score, even with 100%
+ * coverage (because the final term alone equals the threshold). This
+ * encodes the policy "functions above complexity 30 must be decomposed,
+ * period" — you cannot test your way out of structural complexity.
+ *
+ * @module metrics/crap
+ */
+
+/**
+ * Inputs required to compute CRAP for a single function.
+ */
+export interface CrapInput {
+  /** Cyclomatic complexity of the function. Must be an integer ≥ 1. */
+  readonly cyclomaticComplexity: number;
+  /** Test coverage percentage for the function. Must be in `[0, 100]`. */
+  readonly coveragePercent: number;
+}
+
+/**
+ * Result of a CRAP computation, including the inputs used so callers can
+ * echo the context back to the LLM or dump it to a SARIF result's
+ * `properties` bag without re-reading the source data.
+ */
+export interface CrapResult {
+  /** The CRAP score, rounded to 4 decimals for stable serialization. */
+  readonly crap: number;
+  /** Cyclomatic complexity echoed from the input. */
+  readonly cyclomaticComplexity: number;
+  /** Coverage percentage echoed from the input. */
+  readonly coveragePercent: number;
+  /** `true` when `crap > threshold` — caller should block on this. */
+  readonly exceedsThreshold: boolean;
+  /** The threshold used for the `exceedsThreshold` decision. */
+  readonly threshold: number;
+}
+
+/**
+ * Compute the CRAP index for a single function, against a configurable
+ * block threshold. This function is pure, deterministic, and performs no
+ * I/O — it can be called from any context (MCP tool handler, hook, unit
+ * test) without side effects.
+ *
+ * @param input     Cyclomatic complexity and coverage for the function.
+ * @param threshold The CRAP score above which the caller should block.
+ * @returns         A {@link CrapResult} containing the score and decision.
+ * @throws          When any input is out of range or not finite.
+ *
+ * @example
+ * // 12 branches, 60% coverage, threshold = 30
+ * computeCrap({ cyclomaticComplexity: 12, coveragePercent: 60 }, 30)
+ * // → { crap: 21.216, exceedsThreshold: false, ... }
+ */
+export function computeCrap(input: CrapInput, threshold: number): CrapResult {
+  if (!Number.isFinite(input.cyclomaticComplexity) || input.cyclomaticComplexity < 1) {
+    throw new Error(
+      `[crap] cyclomaticComplexity must be ≥ 1, got ${input.cyclomaticComplexity}`,
+    );
+  }
+  if (!Number.isFinite(input.coveragePercent) || input.coveragePercent < 0 || input.coveragePercent > 100) {
+    throw new Error(
+      `[crap] coveragePercent must be in [0, 100], got ${input.coveragePercent}`,
+    );
+  }
+  if (!Number.isFinite(threshold) || threshold <= 0) {
+    throw new Error(`[crap] threshold must be > 0, got ${threshold}`);
+  }
+
+  const comp = input.cyclomaticComplexity;
+  const uncovered = 1 - input.coveragePercent / 100;
+  const crap = comp * comp * Math.pow(uncovered, 3) + comp;
+
+  return {
+    // Round to 4 decimals so JSON serialization is stable across runs
+    // (important for SARIF diffing and dashboard caching).
+    crap: Number(crap.toFixed(4)),
+    cyclomaticComplexity: comp,
+    coveragePercent: input.coveragePercent,
+    exceedsThreshold: crap > threshold,
+    threshold,
+  };
+}

package/src/metrics/index.ts

@@ -0,0 +1,51 @@
+/**
+ * Public SDK entry point for the deterministic metrics engines.
+ *
+ * Everything re-exported from this barrel is part of the stable public
+ * API of `claude-crap/metrics`. Downstream consumers can rely
+ * on the shapes here remaining semver-stable — breaking changes only
+ * land in major versions.
+ *
+ * Usage:
+ *
+ * ```ts
+ * import {
+ *   computeCrap,
+ *   computeTdr,
+ *   computeProjectScore,
+ *   classifyTdr,
+ *   ratingIsWorseThan,
+ * } from "claude-crap/metrics";
+ * ```
+ *
+ * @module metrics
+ */
+
+export { computeCrap } from "./crap.js";
+export type { CrapInput, CrapResult } from "./crap.js";
+
+export {
+  classifyTdr,
+  computeTdr,
+  ratingIsWorseThan,
+  ratingToRank,
+} from "./tdr.js";
+export type { TdrInput, TdrResult } from "./tdr.js";
+
+export {
+  computeProjectScore,
+  renderProjectScoreMarkdown,
+} from "./score.js";
+export type {
+  ComputeProjectScoreInput,
+  DimensionScore,
+  FindingsSummary,
+  MaintainabilityScore,
+  ProjectScore,
+  ScoreLocation,
+  SeverityRating,
+  WorkspaceStats,
+} from "./score.js";
+
+export { estimateWorkspaceLoc, MAX_FILES_WALKED } from "./workspace-walker.js";
+export type { WorkspaceWalkResult } from "./workspace-walker.js";

package/src/metrics/score.ts

@@ -0,0 +1,329 @@
+/**
+ * Aggregate project score engine.
+ *
+ * Given a fully resolved configuration, the live SARIF store, and a
+ * workspace LOC walker, this module produces a single immutable
+ * `ProjectScore` snapshot describing the entire project's quality
+ * posture across three dimensions:
+ *
+ *   - **Maintainability** — derived from the Technical Debt Ratio (TDR)
+ *     using the existing `metrics/tdr.ts` engine.
+ *   - **Reliability**     — derived from the worst non-security finding.
+ *   - **Security**        — derived from the worst security finding.
+ *
+ * Each dimension produces a letter grade A..E and the `overall` field
+ * collapses them by taking the worst grade. The `passes` field tells
+ * the caller whether the overall grade is within the configured
+ * `tdrMaxRating` tolerance — handy for the Stop quality gate and the
+ * `score_project` MCP tool.
+ *
+ * Security vs reliability is determined by a heuristic on the `ruleId`:
+ * any rule whose identifier matches a security keyword (`sec`, `sql`,
+ * `xss`, `csrf`, `injection`, `crypt`, `auth`, `secret`, `password`,
+ * `cve`, `vuln`) is treated as security. Everything else is reliability.
+ * This is intentionally coarse: adapters that stamp a richer SARIF
+ * taxonomy (e.g. `properties.tags = ["security"]`) could replace this
+ * classifier with an exact match, but the regex is sufficient for the
+ * scanners this plugin ships with.
+ *
+ * The score engine is pure: it does no I/O, takes a `WorkspaceStats`
+ * value (which the caller produces from the bounded LOC walker), and
+ * returns a brand new score object on every call. Tests can construct
+ * a `SarifStore` in memory and verify the boundaries directly.
+ *
+ * @module metrics/score
+ */
+
+import type { MaintainabilityRating } from "../config.js";
+import type { SarifStore } from "../sarif/sarif-store.js";
+import { classifyTdr, ratingIsWorseThan } from "./tdr.js";
+
+/**
+ * Letter rating shared by every dimension. The same A..E scale used by
+ * SonarQube's reliability and security ratings, where A is best and E
+ * is unmaintainable / blocker-class.
+ */
+export type SeverityRating = MaintainabilityRating;
+
+/**
+ * Workspace size statistics produced by an external bounded walker.
+ * The score engine does not walk the disk itself — pass these in.
+ */
+export interface WorkspaceStats {
+  /** Total physical lines of code under the workspace root. */
+  readonly physicalLoc: number;
+  /** Number of files visited by the walker. */
+  readonly fileCount: number;
+}
+
+/**
+ * Per-dimension breakdown.
+ */
+export interface DimensionScore {
+  readonly rating: SeverityRating;
+  readonly findings: number;
+  readonly errorFindings: number;
+  readonly warningFindings: number;
+  readonly noteFindings: number;
+}
+
+/**
+ * Per-finding-level summary plus per-tool counts.
+ */
+export interface FindingsSummary {
+  readonly total: number;
+  readonly error: number;
+  readonly warning: number;
+  readonly note: number;
+  readonly byTool: Readonly<Record<string, number>>;
+  readonly byFile: Readonly<Record<string, number>>;
+}
+
+/**
+ * Maintainability dimension expressed as a TDR percentage.
+ */
+export interface MaintainabilityScore {
+  readonly rating: MaintainabilityRating;
+  readonly tdrPercent: number;
+  readonly remediationMinutes: number;
+  readonly developmentCostMinutes: number;
+}
+
+/**
+ * Pointer to where the consolidated report can be found.
+ */
+export interface ScoreLocation {
+  /** Local dashboard URL when the HTTP server is running, otherwise `null`. */
+  readonly dashboardUrl: string | null;
+  /** Absolute path to the consolidated SARIF document on disk. */
+  readonly sarifReportPath: string;
+}
+
+/**
+ * The full project score snapshot. Returned from {@link computeProjectScore}.
+ */
+export interface ProjectScore {
+  readonly generatedAt: string;
+  readonly workspaceRoot: string;
+  readonly loc: { readonly physical: number; readonly files: number };
+  readonly findings: FindingsSummary;
+  readonly maintainability: MaintainabilityScore;
+  readonly reliability: DimensionScore;
+  readonly security: DimensionScore;
+  readonly overall: {
+    readonly rating: SeverityRating;
+    /** True when `overall.rating` is no worse than `policyRating`. */
+    readonly passes: boolean;
+    /** Echoed from the configured policy. */
+    readonly policyRating: MaintainabilityRating;
+  };
+  readonly location: ScoreLocation;
+}
+
+/**
+ * Inputs accepted by {@link computeProjectScore}.
+ */
+export interface ComputeProjectScoreInput {
+  readonly workspaceRoot: string;
+  readonly minutesPerLoc: number;
+  readonly tdrMaxRating: MaintainabilityRating;
+  readonly workspace: WorkspaceStats;
+  readonly sarifStore: SarifStore;
+  readonly dashboardUrl: string | null;
+  readonly sarifReportPath: string;
+}
+
+/**
+ * Pattern that classifies a rule identifier as security-relevant.
+ * Matches case-insensitively against the rule id text. Intentionally
+ * permissive — false positives in classification are recoverable, but
+ * a missed security finding being graded as reliability is not.
+ */
+const SECURITY_RULE_PATTERN =
+  /(sec|sql|xss|csrf|ssrf|injection|crypt|auth|secret|password|token|cve|vuln|jwt|cors|rce|deserial|prototype-pollution)/i;
+
+/**
+ * Compute the full project score. Pure function — no side effects.
+ *
+ * @param input Aggregated inputs.
+ * @returns     A {@link ProjectScore} ready to be serialized.
+ */
+export function computeProjectScore(input: ComputeProjectScoreInput): ProjectScore {
+  const findingsList = input.sarifStore.list();
+
+  // ---- Findings summary ----
+  /** @type {Record<string, number>} */
+  const byTool: Record<string, number> = {};
+  const byFile: Record<string, number> = {};
+  let errorCount = 0;
+  let warningCount = 0;
+  let noteCount = 0;
+  let remediationMinutes = 0;
+
+  /** Findings split by classification. */
+  const securityFindings: Array<{ level: string }> = [];
+  const reliabilityFindings: Array<{ level: string }> = [];
+
+  for (const finding of findingsList) {
+    if (finding.level === "error") errorCount += 1;
+    else if (finding.level === "warning") warningCount += 1;
+    else if (finding.level === "note") noteCount += 1;
+
+    byTool[finding.sourceTool] = (byTool[finding.sourceTool] ?? 0) + 1;
+    byFile[finding.location.uri] = (byFile[finding.location.uri] ?? 0) + 1;
+
+    const effort =
+      typeof finding.properties?.effortMinutes === "number"
+        ? finding.properties.effortMinutes
+        : 0;
+    remediationMinutes += effort;
+
+    if (SECURITY_RULE_PATTERN.test(finding.ruleId)) {
+      securityFindings.push({ level: finding.level });
+    } else {
+      reliabilityFindings.push({ level: finding.level });
+    }
+  }
+
+  const findings: FindingsSummary = {
+    total: findingsList.length,
+    error: errorCount,
+    warning: warningCount,
+    note: noteCount,
+    byTool,
+    byFile,
+  };
+
+  // ---- Maintainability (TDR) ----
+  // Guard against an empty workspace; the TDR formula divides by LOC.
+  const safeLoc = Math.max(input.workspace.physicalLoc, 1);
+  const developmentCostMinutes = input.minutesPerLoc * safeLoc;
+  const tdrPercent = (remediationMinutes / developmentCostMinutes) * 100;
+  const tdrRating = classifyTdr(tdrPercent);
+
+  const maintainability: MaintainabilityScore = {
+    rating: tdrRating,
+    tdrPercent: Number(tdrPercent.toFixed(4)),
+    remediationMinutes,
+    developmentCostMinutes,
+  };
+
+  // ---- Reliability and security dimensions ----
+  const reliability = scoreDimension(reliabilityFindings);
+  const security = scoreDimension(securityFindings);
+
+  // ---- Overall = the worst of the three ----
+  const overallRating = worstOf(maintainability.rating, reliability.rating, security.rating);
+  const passes = !ratingIsWorseThan(overallRating, input.tdrMaxRating);
+
+  return {
+    generatedAt: new Date().toISOString(),
+    workspaceRoot: input.workspaceRoot,
+    loc: { physical: input.workspace.physicalLoc, files: input.workspace.fileCount },
+    findings,
+    maintainability,
+    reliability,
+    security,
+    overall: {
+      rating: overallRating,
+      passes,
+      policyRating: input.tdrMaxRating,
+    },
+    location: {
+      dashboardUrl: input.dashboardUrl,
+      sarifReportPath: input.sarifReportPath,
+    },
+  };
+}
+
+/**
+ * Score a single dimension (reliability or security) from its findings.
+ *
+ * The mapping is intentionally coarse and maps directly from SARIF
+ * levels to letter ratings:
+ *
+ *   - 0 findings                    → A
+ *   - only `note` findings          → B
+ *   - 1+ `warning`, 0 `error`       → C
+ *   - 1–2 `error`                   → D
+ *   - 3+ `error`                    → E
+ *
+ * Projects that stamp explicit blocker / major / minor categories on
+ * their SARIF properties can wrap this function with their own
+ * taxonomy-aware classifier.
+ *
+ * @param findings Findings classified into this dimension.
+ */
+function scoreDimension(findings: ReadonlyArray<{ level: string }>): DimensionScore {
+  let errorCount = 0;
+  let warningCount = 0;
+  let noteCount = 0;
+  for (const f of findings) {
+    if (f.level === "error") errorCount += 1;
+    else if (f.level === "warning") warningCount += 1;
+    else if (f.level === "note") noteCount += 1;
+  }
+  let rating: SeverityRating;
+  if (errorCount >= 3) rating = "E";
+  else if (errorCount >= 1) rating = "D";
+  else if (warningCount >= 1) rating = "C";
+  else if (noteCount >= 1) rating = "B";
+  else rating = "A";
+
+  return {
+    rating,
+    findings: findings.length,
+    errorFindings: errorCount,
+    warningFindings: warningCount,
+    noteFindings: noteCount,
+  };
+}
+
+/**
+ * Return the worst (alphabetically highest) of an arbitrary number of
+ * letter ratings. Used to collapse the three dimension ratings into the
+ * overall project rating.
+ *
+ * @param ratings Two or more letter ratings.
+ * @returns       The worst rating.
+ */
+function worstOf(...ratings: ReadonlyArray<SeverityRating>): SeverityRating {
+  let worst: SeverityRating = "A";
+  for (const r of ratings) {
+    if (ratingIsWorseThan(r, worst)) worst = r;
+  }
+  return worst;
+}
+
+/**
+ * Render a project score as a compact Markdown summary suitable for
+ * display directly in a chat session. Keep it under ~30 lines so it
+ * does not dominate the conversation context.
+ *
+ * @param score The score to render.
+ */
+export function renderProjectScoreMarkdown(score: ProjectScore): string {
+  const verdict = score.overall.passes ? "✅ passes policy" : "❌ FAILS policy";
+  const dashboardLine = score.location.dashboardUrl
+    ? `📊 Dashboard:   ${score.location.dashboardUrl}`
+    : `📊 Dashboard:   <not running — start the MCP server to enable>`;
+
+  return [
+    `## claude-crap :: project score`,
+    ``,
+    `**Overall: ${score.overall.rating}** (${verdict}, policy ceiling = ${score.overall.policyRating})`,
+    ``,
+    `| Dimension       | Rating | Detail                                              |`,
+    `| --------------- | :----: | --------------------------------------------------- |`,
+    `| Maintainability |   ${score.maintainability.rating}    | TDR ${score.maintainability.tdrPercent}% (${score.maintainability.remediationMinutes} min over ${score.loc.physical} LOC) |`,
+    `| Reliability     |   ${score.reliability.rating}    | ${score.reliability.errorFindings} error · ${score.reliability.warningFindings} warning · ${score.reliability.noteFindings} note |`,
+    `| Security        |   ${score.security.rating}    | ${score.security.errorFindings} error · ${score.security.warningFindings} warning · ${score.security.noteFindings} note |`,
+    ``,
+    `Workspace: **${score.loc.physical} LOC** across **${score.loc.files} files**`,
+    `Findings:  **${score.findings.total} total** (${score.findings.error} error · ${score.findings.warning} warning · ${score.findings.note} note)`,
+    `Tools:     ${Object.keys(score.findings.byTool).join(", ") || "<none ingested>"}`,
+    ``,
+    dashboardLine,
+    `📄 Report:      ${score.location.sarifReportPath}`,
+  ].join("\n");
+}

package/src/metrics/tdr.ts

@@ -0,0 +1,155 @@
+/**
+ * Technical Debt Ratio (TDR) — deterministic computation and rating.
+ *
+ * The Technical Debt Ratio expresses how expensive it would be to remediate
+ * all known issues in a scope, relative to how much it would have cost to
+ * write the code in the first place. Formally (see docs/quality-gate.md):
+ *
+ *     TDR = remediationCost / (costPerLine × totalLinesOfCode)
+ *
+ * Where the remediation cost is the sum (in minutes) of every linter /
+ * scanner / mutator finding's individual estimated effort, and the per-line
+ * cost is assumed to be a constant `minutesPerLoc` (industry default: 30
+ * minutes per line of code, including design, writing and review).
+ *
+ * The resulting ratio is converted to a percentage and mapped to a letter
+ * grade A..E. The thresholds are strict and non-negotiable:
+ *
+ *   | Rating | TDR %        | Meaning                                   |
+ *   |--------|--------------|-------------------------------------------|
+ *   | A      | 0..5%        | Excellent — remediation cost is noise     |
+ *   | B      | >5..10%      | Low risk                                  |
+ *   | C      | >10..20%     | Moderate, watch closely                   |
+ *   | D      | >20..50%     | Critical, remediation plan required       |
+ *   | E      | >50%         | Unmaintainable — halt feature work        |
+ *
+ * Rating E always halts the workflow at the Stop quality gate, regardless
+ * of the configured `TDR_MAX_RATING` tolerance.
+ *
+ * @module metrics/tdr
+ */
+
+import type { MaintainabilityRating } from "../config.js";
+
+/**
+ * Inputs required to compute a Technical Debt Ratio over any scope
+ * (project, module, or file).
+ */
+export interface TdrInput {
+  /** Sum of all finding remediation estimates, in minutes. Must be ≥ 0. */
+  readonly remediationMinutes: number;
+  /** Total lines of code in the scope. Must be > 0 (division denominator). */
+  readonly totalLinesOfCode: number;
+  /** Assumed development cost per LOC, in minutes. Must be > 0. */
+  readonly minutesPerLoc: number;
+}
+
+/**
+ * Result of a TDR computation with both the raw ratio and the letter grade.
+ */
+export interface TdrResult {
+  /** Raw ratio (remediation / development), rounded to 6 decimals. */
+  readonly ratio: number;
+  /** Same ratio expressed as a percentage, rounded to 4 decimals. */
+  readonly percent: number;
+  /** Letter grade derived from `percent` via {@link classifyTdr}. */
+  readonly rating: MaintainabilityRating;
+  /** Remediation input, echoed for traceability. */
+  readonly remediationMinutes: number;
+  /** LOC input, echoed for traceability. */
+  readonly totalLinesOfCode: number;
+  /** Computed `minutesPerLoc × totalLinesOfCode`, useful for the dashboard. */
+  readonly developmentCostMinutes: number;
+}
+
+/** Canonical ordering used by {@link ratingToRank}. */
+const RATING_ORDER: ReadonlyArray<MaintainabilityRating> = ["A", "B", "C", "D", "E"];
+
+/**
+ * Convert a letter rating to its numeric rank (A=0, E=4). Useful when
+ * comparing two ratings without relying on lexical order.
+ *
+ * @param rating The rating letter.
+ * @returns      Its rank in `[0, 4]`.
+ */
+export function ratingToRank(rating: MaintainabilityRating): number {
+  return RATING_ORDER.indexOf(rating);
+}
+
+/**
+ * Return `true` when `actual` is strictly worse than `limit`, false otherwise.
+ * Used by the Stop quality gate to decide whether to block task completion.
+ *
+ * @param actual Rating currently achieved by the project.
+ * @param limit  Maximum tolerated rating (worst allowed).
+ * @returns      `true` if `actual` should trigger a block.
+ *
+ * @example
+ * ratingIsWorseThan("D", "C") // → true
+ * ratingIsWorseThan("B", "C") // → false
+ * ratingIsWorseThan("C", "C") // → false (equal, not worse)
+ */
+export function ratingIsWorseThan(
+  actual: MaintainabilityRating,
+  limit: MaintainabilityRating,
+): boolean {
+  return ratingToRank(actual) > ratingToRank(limit);
+}
+
+/**
+ * Map a TDR percentage to its letter rating. The boundaries are inclusive
+ * on the upper end (5% is still an A, 10% is still a B, etc.).
+ *
+ * @param percent TDR expressed as a percentage. Must be ≥ 0.
+ * @returns       Letter rating A..E.
+ * @throws        When `percent` is negative or not finite.
+ */
+export function classifyTdr(percent: number): MaintainabilityRating {
+  if (!Number.isFinite(percent) || percent < 0) {
+    throw new Error(`[tdr] percent is invalid: ${percent}`);
+  }
+  if (percent <= 5) return "A";
+  if (percent <= 10) return "B";
+  if (percent <= 20) return "C";
+  if (percent <= 50) return "D";
+  return "E";
+}
+
+/**
+ * Compute the Technical Debt Ratio for a scope and return the full result.
+ * This function is pure and deterministic.
+ *
+ * @param input Remediation minutes, total LOC and the cost-per-line assumption.
+ * @returns     A {@link TdrResult} ready to be serialized to SARIF properties.
+ * @throws      When any numeric input is out of range.
+ *
+ * @example
+ * // 240 minutes of remediation across 500 LOC at 30 min/LOC
+ * computeTdr({ remediationMinutes: 240, totalLinesOfCode: 500, minutesPerLoc: 30 })
+ * // → { ratio: 0.016, percent: 1.6, rating: "A", ... }
+ */
+export function computeTdr(input: TdrInput): TdrResult {
+  if (input.totalLinesOfCode <= 0) {
+    throw new Error(`[tdr] totalLinesOfCode must be > 0, got ${input.totalLinesOfCode}`);
+  }
+  if (input.minutesPerLoc <= 0) {
+    throw new Error(`[tdr] minutesPerLoc must be > 0, got ${input.minutesPerLoc}`);
+  }
+  if (input.remediationMinutes < 0) {
+    throw new Error(`[tdr] remediationMinutes must be ≥ 0, got ${input.remediationMinutes}`);
+  }
+
+  const developmentCostMinutes = input.minutesPerLoc * input.totalLinesOfCode;
+  const ratio = input.remediationMinutes / developmentCostMinutes;
+  const percent = ratio * 100;
+  const rating = classifyTdr(percent);
+
+  return {
+    ratio: Number(ratio.toFixed(6)),
+    percent: Number(percent.toFixed(4)),
+    rating,
+    remediationMinutes: input.remediationMinutes,
+    totalLinesOfCode: input.totalLinesOfCode,
+    developmentCostMinutes,
+  };
+}