diff --git a/code-reviews/README.md b/code-reviews/README.md
index a9fd182a..568bed85 100644
--- a/code-reviews/README.md
+++ b/code-reviews/README.md
@@ -29,24 +29,33 @@ Each module's `findings.md` is the source of truth; this file is generated from
 | [Core.VirtualTags](Core.VirtualTags/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 16 |
 | [Driver.AbCip](Driver.AbCip/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 17 |
 | [Driver.AbCip.Cli](Driver.AbCip.Cli/findings.md) | Claude Code | 2026-06-19 | `c95a8c6b` | Reviewed | 0 | 10 |
+| [Driver.AbCip.Contracts](Driver.AbCip.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 4 | 6 |
 | [Driver.AbLegacy](Driver.AbLegacy/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 15 |
 | [Driver.AbLegacy.Cli](Driver.AbLegacy.Cli/findings.md) | Claude Code | 2026-06-19 | `111d6983` | Reviewed | 0 | 8 |
+| [Driver.AbLegacy.Contracts](Driver.AbLegacy.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 3 | 4 |
 | [Driver.Cli.Common](Driver.Cli.Common/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 10 |
 | [Driver.FOCAS](Driver.FOCAS/findings.md) | Claude Code | 2026-06-19 | `04e0877b` (re-review; prior `76d35d1`) | Reviewed | 0 | 12 |
 | [Driver.FOCAS.Cli](Driver.FOCAS.Cli/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 7 |
+| [Driver.FOCAS.Contracts](Driver.FOCAS.Contracts/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 4 |
 | [Driver.Galaxy](Driver.Galaxy/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 19 |
 | [Driver.Galaxy.Browser](Driver.Galaxy.Browser/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 4 |
+| [Driver.Galaxy.Contracts](Driver.Galaxy.Contracts/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 3 |
 | [Driver.Historian.Wonderware](Driver.Historian.Wonderware/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 12 |
 | [Driver.Historian.Wonderware.Client](Driver.Historian.Wonderware.Client/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 13 |
+| [Driver.Historian.Wonderware.Client.Contracts](Driver.Historian.Wonderware.Client.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 0 | 4 |
 | [Driver.Modbus](Driver.Modbus/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 14 |
 | [Driver.Modbus.Addressing](Driver.Modbus.Addressing/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 11 |
 | [Driver.Modbus.Cli](Driver.Modbus.Cli/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 11 |
+| [Driver.Modbus.Contracts](Driver.Modbus.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 0 | 4 |
 | [Driver.OpcUaClient](Driver.OpcUaClient/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 16 |
 | [Driver.OpcUaClient.Browser](Driver.OpcUaClient.Browser/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 2 |
+| [Driver.OpcUaClient.Contracts](Driver.OpcUaClient.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 1 | 3 |
 | [Driver.S7](Driver.S7/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 16 |
 | [Driver.S7.Cli](Driver.S7.Cli/findings.md) | Claude Code | 2026-06-19 | `111d6983` | Reviewed | 0 | 12 |
+| [Driver.S7.Contracts](Driver.S7.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 0 | 3 |
 | [Driver.TwinCAT](Driver.TwinCAT/findings.md) | Claude Code | 2026-06-19 | `04e0877b` | Reviewed | 0 | 17 |
 | [Driver.TwinCAT.Cli](Driver.TwinCAT.Cli/findings.md) | Claude Code | 2026-06-19 | `111d6983` | Reviewed | 0 | 9 |
+| [Driver.TwinCAT.Contracts](Driver.TwinCAT.Contracts/findings.md) | Claude Code | 2026-06-19 | `a19b0f86` | Reviewed | 1 | 2 |
 | [Host](Host/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 1 | 4 |
 | [OpcUaServer](OpcUaServer/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 4 | 6 |
 | [Runtime](Runtime/findings.md) | Claude Code | 2026-06-19 | `7286d320` | Reviewed | 0 | 6 |
@@ -61,6 +70,7 @@ Findings with status `Open` or `In Progress`, ordered by severity.
 |---|---|---|---|---|
 | AdminUI-001 | Medium | Security | `Components/Pages/ScriptEdit.razor:5`, `Components/Pages/Scripts.razor` | The Script CRUD surface (`/scripts/new`, `/scripts/{id}`, and the `/scripts` list) is gated by only `[Authorize]` (any authenticated user), whereas the *same editor's* Roslyn-analysis backend (`ScriptAnalysisEndpoints`) requires the `Fleet… |
 | Configuration-013 | Medium | Design-document adherence | `src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Validation/DraftValidator.cs:243` (`ValidateClusterTopology`) | `DraftValidator.ValidateClusterTopology` is documented as the managed pre-publish guard that catches cluster-topology drift the SQL `CK_ServerCluster_RedundancyMode_NodeCount` check cannot see — specifically an operator disabling a `Cluste… |
+| Driver.AbCip.Contracts-001 | Medium | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipEquipmentTagParser.cs:42` | `AbCipEquipmentTagParser.TryParse` hard-codes `Writable: true` on every equipment-tag definition it produces, regardless of any `writable` field in the TagConfig JSON. The consequence is that an operator who intends a read-only equipment t… |
 | OpcUaServer-001 | Medium | Correctness & logic bugs | `AddressSpacePlan.cs:56` (`AddressSpacePlan.IsEmpty`), `AddressSpacePlan.cs:80` (`AddressSpacePlanner.Compute`) | `AddressSpaceComposition` carries the UNS topology (`UnsAreas` + `UnsLines`), and `AddressSpaceApplier.MaterialiseHierarchy` uses each area's/line's `DisplayName` for the OPC UA folder display name. But `AddressSpacePlanner.Compute` only d… |
 | OpcUaServer-002 | Medium | Correctness & logic bugs | `OtOpcUaNodeManager.cs:1748` (`HistoryReadEvents`), `OtOpcUaNodeManager.cs:1814` (`ClampToInt`) | For HistoryRead-Events, `HistoryReadEvents` passes `ClampToInt(details.NumValuesPerNode)` to `IHistorianDataSource.ReadEventsAsync(maxEvents)` and always returns the result with `ContinuationPoint = null` ("the full window in one shot"). T… |
 | AdminUI-004 | Low | Security | `Hubs/FleetStatusHub.cs`, `Hubs/AlertHub.cs`, `Hubs/ScriptLogHub.cs` (vs `Hubs/DriverStatusHub.cs:12`) | Of the four SignalR hubs mapped by `MapOtOpcUaHubs`, only `DriverStatusHub` carries an explicit `[Authorize]` attribute. `FleetStatusHub`, `AlertHub`, and `ScriptLogHub` (which broadcast fleet status, alarm transitions with equipment paths… |
@@ -69,8 +79,18 @@ Findings with status `Open` or `In Progress`, ordered by severity.
 | Core.Scripting.Abstractions-004 | Low | Correctness & logic bugs | `src/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Abstractions/ScriptContext.cs:84` | `ScriptContext.Deadband` has no guard or documentation for invalid `tolerance` values. A negative `tolerance` makes `Math.Abs(current - previous) > tolerance` trivially `true` for all finite inputs (any absolute value exceeds a negative nu… |
 | Core.Scripting.Abstractions-007 | Low | Design-document adherence | `docs/ScriptedAlarms.md:298` | `docs/ScriptedAlarms.md` line 298 lists the file path as `src/Core/ZB.MOM.WW.OtOpcUa.Core.ScriptedAlarms/AlarmPredicateContext.cs`. The file was moved to `src/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Abstractions/AlarmPredicateContext.cs` as… |
 | Driver.AbCip-017 | Low | Documentation & comments | `AbCipAlarmProjection.cs:173-185` (`Tick`) | `AbCipAlarmProjection.Tick` gates each node on the `InFaulted` snapshot's `StatusCode` (`if (inFaultedDv.StatusCode != Good) continue;`) but reads the `Severity` snapshot's *value* without checking *its* `StatusCode`. When a severity read… |
+| Driver.AbCip.Contracts-002 | Low | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipDataType.cs:28` | The inline comment on `AbCipDataType.Dt` reads: ``` Dt, // Date/Time — Logix DT == DINT representing seconds-since-epoch per Rockwell conventions ``` This description is inaccurate in two ways. First, `CipSymbolObjectDecoder` (in the drive… |
+| Driver.AbCip.Contracts-003 | Low | Code organization & conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipDriverOptions.cs:84-85` | `AbCipDriverOptions.ProbeTimeoutSeconds` carries `[Display]` and `[Range(1, 60)]` attributes from `System.ComponentModel.DataAnnotations`. No other driver contracts project (Modbus, S7, AbLegacy, Galaxy, TwinCAT, FOCAS, OpcUaClient) annota… |
+| Driver.AbCip.Contracts-004 | Low | Testing coverage | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipEquipmentTagParser.cs` (entire file) | The contracts module has no dedicated test project, and `AbCipEquipmentTagParser.TryParse` is the module's only non-trivial logic. Its `ReadArrayShape` helper has four distinct outcome branches; the method also has multiple early-return pa… |
+| Driver.AbLegacy.Contracts-002 | Low | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Contracts/AbLegacyEquipmentTagParser.cs:15` | `AbLegacyEquipmentTagParser.TryParse` has an undocumented edge case: when `isArray` is the JSON literal `true` but `arrayLength` is absent, zero, or negative, `ReadInt` returns `0`, the `rawLength >= 1` guard fails, and `arrayLength` stays… |
+| Driver.AbLegacy.Contracts-003 | Low | OtOpcUa conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Contracts/AbLegacyPlcFamilyProfile.cs:10` | `AbLegacyPlcFamilyProfile.MaxTagBytes` is a record constructor parameter populated with distinct values per family (240/232/240/240), but a global search finds zero call sites that read this property anywhere in the codebase -- not in `AbL… |
+| Driver.AbLegacy.Contracts-004 | Low | Code organization & conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Contracts/AbLegacyPlcFamilyProfile.cs:22` | `AbLegacyPlcFamilyProfile.ForFamily` has a catch-all arm `_ => Slc500` that silently returns the SLC 500 profile for any unrecognised `AbLegacyPlcFamily` value (e.g. an integer cast). The XML doc on `ForFamily` does not mention the fallbac… |
+| Driver.FOCAS.Contracts-002 | Low | Design-document adherence | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Contracts/FocasDriverOptions.cs:139-145` | `FocasTagDefinition` carries a `WriteIdempotent` field (default `false`) that the FOCAS driver never reads anywhere — neither in `DiscoverAsync`, `ReadAsync`, nor `WriteAsync`. `DiscoverAsync` always passes `WriteIdempotent: false` to `Dri… |
 | Driver.Galaxy-019 | Low | Error handling & resilience | `Runtime/GatewayGalaxySubscriber.cs:89-100` | `GatewayGalaxySubscriber.EnsureSessionIntervalAsync` applies the session-level `SetBufferedUpdateInterval` command and then caches the requested interval in `_lastAppliedIntervalMs` so later `SubscribeBulk` calls skip a redundant set. The… |
 | Driver.Galaxy.Browser-003 | Low | Code organization & conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Browser/GalaxyDriverBrowser.cs:149` | `GalaxyDriverBrowser.ResolveApiKey` is a verbatim copy of `GalaxyDriver.ResolveApiKey`. The comment acknowledges this and explains why the Browser project intentionally does not reference Driver.Galaxy. However, Finding Driver.Galaxy.Brows… |
+| Driver.Galaxy.Contracts-003 | Low | Code organization & conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Browser/GalaxyDriverBrowser.cs:149` (duplicate) and `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy/GalaxyDriver.cs:472` (original) | `GalaxyDriver.ResolveApiKey` (the four-form `env:`/`file:`/`dev:`/literal resolver, ~45 LOC) is duplicated verbatim as `GalaxyDriverBrowser.ResolveApiKey`. The Browser copy acknowledges this in its XML doc ("Slim mirror of `GalaxyDriver.Re… |
+| Driver.OpcUaClient.Contracts-002 | Low | OtOpcUa conventions / Design-document adherence | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Contracts/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Contracts.csproj:9` | The Contracts project carries a direct `PackageReference` to `OPCFoundation.NetStandard.Opc.Ua.Client` solely to support `NamespaceMap`. This makes the Contracts project not a lightweight DTO/enum assembly: every consumer (AdminUI serializ… |
+| Driver.TwinCAT.Contracts-002 | Low | Documentation & comments | `TwinCATDataType.cs:33` (`Structure` member) | The `Structure` enum member's XML summary says "UDT / FB instance. Resolved per member at discovery time." This is accurate for the discovery path, but the comment omits that `Structure` is **rejected at pre-declaration time** by `TwinCATD… |
 | Host-003 | Low | Design-document adherence | `docs/ServiceHosting.md` (section "Per-role configuration overlays") | `docs/ServiceHosting.md` states the configuration loading order as "base `appsettings.json` → role overlay (`appsettings.{role}.json`) → environment overlay (`appsettings.{Environment}.json`) — later layers win." This is incorrect. The act… |
 | OpcUaServer-003 | Low | Correctness & logic bugs | `OtOpcUaNodeManager.cs:1978` (`ServeRawPaged`), `HistoryPaging.cs` (whole), `HistoryPaging.cs:213` (`SliceTieCluster` `next <= endUtc`) | The Raw paging chain treats `endUtc` as an **inclusive** upper bound throughout — the `HistoryContinuationState`/`HistoryPaging` XML docs all say "the original (inclusive) end of the window", and `SliceTieCluster` advances with `next <= en… |
 | OpcUaServer-004 | Low | Error handling & resilience | `OtOpcUaNodeManager.cs:1597` (`ResolveParentFolder`), and every public sink mutator that calls it (`EnsureFolder` 1278, `EnsureVariable` 1335, `MaterialiseAlarmCondition` 597, plus `WriteValue`/`WriteAlarmCondition` `CreateVariable`) | `ResolveParentFolder` dereferences `_root!` with the null-forgiving operator, and `CreateVariable` uses `_root` (`AddChild`). `_root` is only assigned in `CreateAddressSpace`, which the SDK invokes during `StandardServer` start. Every publ… |
@@ -120,6 +140,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Galaxy.Browser-001 | High | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Browser/GalaxyBrowseSession.cs:152` |
 | Driver.Historian.Wonderware-001 | High | Resolved | Correctness and logic bugs | `Backend/SdkAlarmHistorianWriteBackend.cs:68`, `Backend/AahClientManagedAlarmEventWriter.cs:82-103` |
 | Driver.Historian.Wonderware.Client-001 | High | Resolved | Correctness & logic bugs | `WonderwareHistorianClient.cs:98-113` |
+| Driver.Historian.Wonderware.Client.Contracts-001 | High | Resolved | Security | `WonderwareHistorianClientOptions.cs:24-30` |
 | Driver.Modbus-001 | High | Resolved | Concurrency & thread safety | `ModbusDriver.cs:92,99-122` |
 | Driver.Modbus.Addressing-001 | High | Resolved | Correctness & logic bugs | `ModbusAddressParser.cs:230-235`, `DirectLogicAddress.cs:66-73` |
 | Driver.OpcUaClient-001 | High | Resolved | Correctness & logic bugs | `OpcUaClientDriver.cs:444`, `:466`, `:517`, `:540`, `:599`, `:610` |
@@ -232,6 +253,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Galaxy-014 | Medium | Resolved | Testing coverage | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy` (module-wide) |
 | Driver.Galaxy-016 | Medium | Resolved | Performance & resource management | `ZB.MOM.WW.OtOpcUa.Driver.Galaxy.csproj:43-47`, `libs/README.md:32-37` |
 | Driver.Galaxy.Browser-002 | Medium | Resolved | Concurrency & thread safety | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Browser/GalaxyBrowseSession.cs:167` |
+| Driver.Galaxy.Contracts-002 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Contracts/GalaxyDriverOptions.cs:91` |
 | Driver.Historian.Wonderware-002 | Medium | Resolved | Correctness and logic bugs | `Ipc/HistorianFrameHandler.cs:162`, `:181` |
 | Driver.Historian.Wonderware-003 | Medium | Resolved | Correctness and logic bugs | `Backend/HistorianDataSource.cs:320-323`, `:457-460` |
 | Driver.Historian.Wonderware-006 | Medium | Resolved | Error handling and resilience | `Ipc/PipeServer.cs:120-128` |
@@ -240,6 +262,8 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Historian.Wonderware.Client-005 | Medium | Resolved | Error handling & resilience | `Ipc/FrameReader.cs:31-32` |
 | Driver.Historian.Wonderware.Client-007 | Medium | Resolved | Security | `WonderwareHistorianClient.cs:276` |
 | Driver.Historian.Wonderware.Client-009 | Medium | Resolved | Testing coverage | `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Tests/WonderwareHistorianClientTests.cs` |
+| Driver.Historian.Wonderware.Client.Contracts-002 | Medium | Deferred | Security | `WonderwareHistorianClientOptions.cs:50-54` |
+| Driver.Historian.Wonderware.Client.Contracts-003 | Medium | Resolved | Correctness & logic bugs | `WonderwareHistorianClientOptions.cs:26` |
 | Driver.Modbus-002 | Medium | Resolved | Correctness & logic bugs | `ModbusDriver.cs:127-186` |
 | Driver.Modbus-004 | Medium | Resolved | Performance & resource management | `ModbusDriver.cs:1468-1473` |
 | Driver.Modbus-005 | Medium | Resolved | Correctness & logic bugs | `ModbusDriver.cs:777-798,323-330` |
@@ -251,6 +275,8 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Modbus.Addressing-008 | Medium | Resolved | Testing coverage | `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Addressing.Tests/` |
 | Driver.Modbus.Cli-001 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:43-51` |
 | Driver.Modbus.Cli-002 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/WriteCommand.cs:54-89` |
+| Driver.Modbus.Contracts-001 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Contracts/ModbusEquipmentTagParser.cs:35` |
+| Driver.Modbus.Contracts-002 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Contracts/ModbusEquipmentTagParser.cs:36` |
 | Driver.OpcUaClient-006 | Medium | Resolved | Concurrency & thread safety | `OpcUaClientDriver.cs:1330-1359` |
 | Driver.OpcUaClient-007 | Medium | Resolved | Concurrency & thread safety | `OpcUaClientDriver.cs:1374`, `:1376-1383`, `:508` |
 | Driver.OpcUaClient-008 | Medium | Resolved | Error handling & resilience | `OpcUaClientDriver.cs:1092-1099` |
@@ -259,6 +285,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.OpcUaClient-012 | Medium | Resolved | Security | `OpcUaClientDriver.cs:210-217` |
 | Driver.OpcUaClient-013 | Medium | Resolved | Performance & resource management | `OpcUaClientDriver.cs:436-437` |
 | Driver.OpcUaClient-015 | Medium | Resolved | Testing coverage | `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Tests/*`, `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/OpcUaClientSmokeTests.cs` |
+| Driver.OpcUaClient.Contracts-001 | Medium | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Contracts/NamespaceMap.cs:118-134` |
 | Driver.S7-002 | Medium | Resolved | Correctness & logic bugs | `S7Driver.cs:350` |
 | Driver.S7-004 | Medium | Resolved | OtOpcUa conventions | `S7Driver.cs` (whole file) |
 | Driver.S7-008 | Medium | Resolved | Error handling & resilience | `S7Driver.cs:286` |
@@ -402,6 +429,8 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.AbCip.Cli-008 | Low | Resolved | Documentation & comments | `docs/Driver.AbCip.Cli.md:8-9` |
 | Driver.AbCip.Cli-009 | Low | Resolved | Documentation & comments | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Program.cs:9` |
 | Driver.AbCip.Cli-010 | Low | Resolved | Documentation & comments | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Cli/Commands/ReadCommand.cs:26` |
+| Driver.AbCip.Contracts-005 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipDriverOptions.cs:141-145` |
+| Driver.AbCip.Contracts-006 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbCip.Contracts/AbCipEquipmentTagParser.cs:11-14` |
 | Driver.AbLegacy-005 | Low | Resolved | OtOpcUa conventions | `AbLegacyDriver.cs` (whole file) |
 | Driver.AbLegacy-011 | Low | Resolved | Performance & resource management | `AbLegacyDriver.cs:440` |
 | Driver.AbLegacy-013 | Low | Resolved | Code organization & conventions | `AbLegacyDriver.cs:340-345`, `AbLegacyDriver.cs:238-264` |
@@ -413,6 +442,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.AbLegacy.Cli-006 | Low | Resolved | Code organization & conventions | `Commands/ProbeCommand.cs:20-22` |
 | Driver.AbLegacy.Cli-007 | Low | Resolved | Testing coverage | `tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Cli.Tests/WriteCommandParseValueTests.cs` |
 | Driver.AbLegacy.Cli-008 | Low | Resolved | Error handling & resilience / Performance & resource management | `Commands/ProbeCommand.cs:58-61`, `Commands/ReadCommand.cs:52-55`, `Commands/WriteCommand.cs:62-65`, `Commands/SubscribeCommand.cs:88-96` |
+| Driver.AbLegacy.Contracts-001 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Contracts/AbLegacyDriverOptions.cs:48` |
 | Driver.Cli.Common-004 | Low | Resolved | Error handling & resilience | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:68-70` |
 | Driver.Cli.Common-006 | Low | Resolved | Documentation & comments | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/SnapshotFormatter.cs:71`, `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common/DriverCommandBase.cs:9` |
 | Driver.Cli.Common-008 | Low | Resolved | Testing coverage | `tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Cli.Common.Tests/SnapshotFormatterTests.cs:50-64` |
@@ -430,6 +460,9 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.FOCAS.Cli-005 | Low | Resolved | Design-document adherence | `Commands/WriteCommand.cs:50`, `Commands/ProbeCommand.cs:50` (via `SnapshotFormatter.FormatStatus`) |
 | Driver.FOCAS.Cli-006 | Low | Resolved | Code organization & conventions | `Commands/ProbeCommand.cs`, `Commands/ReadCommand.cs`, `Commands/WriteCommand.cs`, `Commands/SubscribeCommand.cs` |
 | Driver.FOCAS.Cli-007 | Low | Resolved | Documentation & comments | `Commands/SubscribeCommand.cs:113-120` |
+| Driver.FOCAS.Contracts-001 | Low | Won't Fix | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Contracts/FocasDriverOptions.cs:144` |
+| Driver.FOCAS.Contracts-003 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Contracts/FocasDriverOptions.cs:147-155` |
+| Driver.FOCAS.Contracts-004 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Contracts/FocasDriverOptions.cs:107-131` |
 | Driver.Galaxy-005 | Low | Resolved | OtOpcUa conventions | `Runtime/EventPump.cs:81-88` |
 | Driver.Galaxy-010 | Low | Resolved | Security | `GalaxyDriver.cs:311-341` |
 | Driver.Galaxy-012 | Low | Resolved | Performance & resource management | `Runtime/SubscriptionRegistry.cs:65-67`, `GalaxyDriver.cs:538`, `GalaxyDriver.cs:675` |
@@ -437,6 +470,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Galaxy-017 | Low | Deferred | Design-document adherence | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy/` (no source change), gateway proto contract |
 | Driver.Galaxy-018 | Low | Resolved | Documentation & comments | `libs/README.md:32-37`, `ZB.MOM.WW.OtOpcUa.Driver.Galaxy.csproj:40-47` |
 | Driver.Galaxy.Browser-004 | Low | Resolved | Testing coverage | `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Browser.Tests/GalaxyBrowseSessionTests.cs` |
+| Driver.Galaxy.Contracts-001 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Contracts/GalaxyDriverOptions.cs:43` |
 | Driver.Historian.Wonderware-004 | Low | Resolved | Correctness and logic bugs | `Backend/SdkAlarmHistorianWriteBackend.cs:198-201` |
 | Driver.Historian.Wonderware-005 | Low | Resolved | Concurrency and thread safety | `Backend/HistorianDataSource.cs:124`, `:126-127` |
 | Driver.Historian.Wonderware-007 | Low | Resolved | Error handling and resilience | `Ipc/PipeServer.cs:70-75` |
@@ -452,6 +486,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Historian.Wonderware.Client-011 | Low | Resolved | Concurrency & thread safety | `Ipc/FrameWriter.cs:47` |
 | Driver.Historian.Wonderware.Client-012 | Low | Resolved | Performance & resource management | `Internal/FrameChannel.cs:38` |
 | Driver.Historian.Wonderware.Client-013 | Low | Resolved | Testing coverage | `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Tests/ContractsWireParityTests.cs` |
+| Driver.Historian.Wonderware.Client.Contracts-004 | Low | Resolved | Documentation & comments | `WonderwareHistorianClientOptions.cs:50-54` |
 | Driver.Modbus-003 | Low | Resolved | Concurrency & thread safety | `ModbusDriver.cs:59,188,241,259,266,726,745,759` |
 | Driver.Modbus-007 | Low | Resolved | Design-document adherence | `ModbusDriver.cs:1392`, `ModbusDriverOptions.cs:74-80` |
 | Driver.Modbus-008 | Low | Resolved | Documentation & comments | `ModbusDriver.cs:411-417,700-703,737-744` |
@@ -475,11 +510,14 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.Modbus.Cli-009 | Low | Resolved | Performance & resource management | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ProbeCommand.cs:68`; `ReadCommand.cs:86`; `WriteCommand.cs:112`; `SubscribeCommand.cs:129` |
 | Driver.Modbus.Cli-010 | Low | Resolved | Error handling & resilience | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:36` |
 | Driver.Modbus.Cli-011 | Low | Resolved | Correctness & logic bugs | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:119-122` |
+| Driver.Modbus.Contracts-003 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Contracts/ModbusDriverOptions.cs:40` |
+| Driver.Modbus.Contracts-004 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Contracts/ModbusDriverOptions.cs:53-60` |
 | Driver.OpcUaClient-011 | Low | Resolved | Documentation & comments | `OpcUaClientDriver.cs:1007-1015` |
 | Driver.OpcUaClient-014 | Low | Resolved | Performance & resource management | `OpcUaClientDriver.cs:1138`, `:1314` |
 | Driver.OpcUaClient-016 | Low | Resolved | Performance & resource management / Error handling & resilience | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient/OpcUaClientDriver.cs:934-948` |
 | Driver.OpcUaClient.Browser-001 | Low | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Browser/OpcUaClientBrowseSession.cs:66` |
 | Driver.OpcUaClient.Browser-002 | Low | Deferred | Performance & resource management | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Browser/OpcUaClientBrowseSession.cs:112-125` |
+| Driver.OpcUaClient.Contracts-003 | Low | Resolved | Code organization & conventions | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Contracts/OpcUaClientDriverOptions.cs:131-138`, `:174-176` |
 | Driver.S7-003 | Low | Resolved | Correctness & logic bugs | `S7Driver.cs:172`, `S7Driver.cs:255` |
 | Driver.S7-005 | Low | Resolved | OtOpcUa conventions | `S7Driver.cs:33`, `S7Driver.cs:433` |
 | Driver.S7-009 | Low | Resolved | Error handling & resilience | `S7Driver.cs:392` |
@@ -494,6 +532,9 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.S7.Cli-010 | Low | Resolved | Code organization & conventions | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/SubscribeCommand.cs` |
 | Driver.S7.Cli-011 | Low | Resolved | Concurrency & thread safety | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/SubscribeCommand.cs:61-67` |
 | Driver.S7.Cli-012 | Low | Deferred | Design-document adherence | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.S7.Cli/Commands/ProbeCommand.cs` |
+| Driver.S7.Contracts-001 | Low | Resolved | Documentation & comments | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.S7.Contracts/S7DriverOptions.cs:107` |
+| Driver.S7.Contracts-002 | Low | Resolved | Correctness & logic bugs | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.S7.Contracts/S7EquipmentTagParser.cs:38` |
+| Driver.S7.Contracts-003 | Low | Deferred | Design-document adherence | `docs/v2/driver-specs.md:369` |
 | Driver.TwinCAT-004 | Low | Resolved | Correctness & logic bugs | `TwinCATDataType.cs:24-27` |
 | Driver.TwinCAT-006 | Low | Resolved | OtOpcUa conventions | `TwinCATDriver.cs:406-411` |
 | Driver.TwinCAT-014 | Low | Resolved | Design-document adherence | `TwinCATDriverOptions.cs:41-43`, `TwinCATDriverOptions.cs:57-62`, `AdsTwinCATClient.cs:145` |
@@ -508,6 +549,7 @@ Findings with status `Resolved`, `Won't Fix`, or `Deferred`.
 | Driver.TwinCAT.Cli-007 | Low | Resolved | Documentation & comments | `TwinCATCommandBase.cs:31-36` |
 | Driver.TwinCAT.Cli-008 | Low | Resolved | Error handling & resilience | `Commands/WriteCommand.cs:73-93` |
 | Driver.TwinCAT.Cli-009 | Low | Resolved | Error handling & resilience | `Commands/BrowseCommand.cs:62-65`, `Commands/ProbeCommand.cs:59-62`, `Commands/ReadCommand.cs:50-53`, `Commands/WriteCommand.cs:63-67`, `Commands/SubscribeCommand.cs:103-111` |
+| Driver.TwinCAT.Contracts-001 | Low | Resolved | Correctness & logic bugs | `TwinCATEquipmentTagParser.cs:56-66` (`ReadArrayLength`) |
 | Host-004 | Low | Resolved | Documentation & comments | `src/Server/ZB.MOM.WW.OtOpcUa.Host/Observability/ObservabilityExtensions.cs:41–42` |
 | OpcUaServer-005 | Low | Won't Fix | Testing coverage | `OtOpcUaNodeManager.cs:2049` (`ServeRawPaged` tie-cluster stall path), `OtOpcUaNodeManager.cs:2068` (absurd-burst backstop) |
 | OpcUaServer-006 | Low | Resolved | Documentation & comments | `OtOpcUaNodeManager.cs:11-30` (class XML doc), `OpcUaApplicationHost.cs:88-93` / `OpcUaApplicationHost.cs:421-423` (F13/F13c follow-up notes) |