feat: Implement BsonJsonConverter for converting BsonDocument and BsonArray to JSON
fix: Update project file to include MongoDB.Bson package
test: Add GraphOverlayExporterTests to validate NDJSON export functionality
refactor: Refactor Program.cs in Attestation Tool for improved argument parsing and error handling
docs: Update README for stella-forensic-verify with usage instructions and exit codes
feat: Enhance HmacVerifier with clock skew and not-after checks
feat: Add MerkleRootVerifier and ChainOfCustodyVerifier for additional verification methods
fix: Update DenoRuntimeShim to correctly handle file paths
feat: Introduce ComposerAutoloadData and related parsing in ComposerLockReader
test: Add tests for Deno runtime execution and verification
test: Enhance PHP package tests to include autoload data verification
test: Add unit tests for HmacVerifier and verification logic
- Implemented the PhpAnalyzerPlugin to analyze PHP projects.
- Created ComposerLockData class to represent data from composer.lock files.
- Developed ComposerLockReader to load and parse composer.lock files asynchronously.
- Introduced ComposerPackage class to encapsulate package details.
- Added PhpPackage class to represent PHP packages with metadata and evidence.
- Implemented PhpPackageCollector to gather packages from ComposerLockData.
- Created PhpLanguageAnalyzer to perform analysis and emit results.
- Added capability signals for known PHP frameworks and CMS.
- Developed unit tests for the PHP language analyzer and its components.
- Included sample composer.lock and expected output for testing.
- Updated project files for the new PHP analyzer library and tests.
- Implement `SbomIngestServiceCollectionExtensionsTests` to verify the SBOM ingestion pipeline exports snapshots correctly.
- Create `SbomIngestTransformerTests` to ensure the transformation produces expected nodes and edges, including deduplication of license nodes and normalization of timestamps.
- Add `SbomSnapshotExporterTests` to test the export functionality for manifest, adjacency, nodes, and edges.
- Introduce `VexOverlayTransformerTests` to validate the transformation of VEX nodes and edges.
- Set up project file for the test project with necessary dependencies and configurations.
- Include JSON fixture files for testing purposes.
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
