license switch agpl -> busl1, sprints work, new product advisories

docs/modules/attestor/implementation_plan.md

@@ -0,0 +1,32 @@
+# Attestor Implementation Plan
+
+## Purpose
+Provide a concise, living plan for Attestor feature delivery, timestamping, and offline verification workflows.
+
+## Active work
+- `docs/implplan/SPRINT_20260119_010_Attestor_tst_integration.md`
+- `docs/implplan/SPRINT_20260119_013_Attestor_cyclonedx_1.7_generation.md`
+- `docs/implplan/SPRINT_20260119_014_Attestor_spdx_3.0.1_generation.md`
+
+## Near-term deliverables
+- RFC-3161 timestamping integration (signing, verification, policy context).
+- CycloneDX 1.7 predicate writer updates and determinism tests.
+- SPDX 3.0.1 predicate writer updates and determinism tests.
+- CLI workflows for attestation timestamp handling.
+
+## Dependencies
+- Authority timestamping services and TSA client integrations.
+- EvidenceLocker timestamp storage and verification utilities.
+- Policy evaluation integration for timestamp assertions.
+
+## Evidence of completion
+- Attestor timestamping library changes under `src/Attestor/__Libraries/`.
+- Updated CLI command handlers and tests under `src/Cli/`.
+- Deterministic unit tests and fixtures in `src/Attestor/__Tests/`.
+- Documentation updates under `docs/modules/attestor/`.
+
+## Reference docs
+- `docs/modules/attestor/README.md`
+- `docs/modules/attestor/architecture.md`
+- `docs/modules/attestor/rekor-verification-design.md`
+- `docs/modules/platform/architecture-overview.md`