# SLSA v1 Provenance Predicate with Validation and Build Material Tracking

## Module

Attestor

## Status

IMPLEMENTED

## Description

Full SLSA v1 provenance predicates with parsing, schema validation (build definition, run details, level checks), and build material/metadata/invocation models.

## Implementation Details

- **SLSA Provenance Parser**: `src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/Parsers/SlsaProvenancePredicateParser.cs` -- parses SLSA v1 provenance predicates.
  - `.ExtractMetadata` -- extracts builder, build type, and invocation metadata.
  - `.Validation` -- validates provenance structure and required fields.
- **SLSA Schema Validator**: `Validation/SlsaSchemaValidator.cs` -- comprehensive SLSA schema validation:
  - `.BuildDefinition` -- validates build definition (build type, external parameters, internal parameters, resolved dependencies).
  - `.RunDetails` -- validates run details (builder, metadata, byproducts).
  - `.Level` -- validates SLSA level requirements (L1-L4 compliance checks).
  - `.Helpers` -- validation helper utilities.
- **SLSA Validation Result**: `Validation/SlsaValidationResult.cs` -- result model with pass/fail and detailed errors.
- **SPDX3 Build Attestation**: `__Libraries/StellaOps.Attestor.Spdx3/BuildAttestationMapper.cs` (with `.MapFromSpdx3`, `.MapToSpdx3`) -- maps SLSA provenance to/from SPDX3 build profiles.
- **Build Models**: `__Libraries/StellaOps.Attestor.Spdx3/BuildAttestationPayload.cs`, `BuildInvocation.cs`, `BuildMaterial.cs`, `BuildMetadata.cs` -- build attestation models.
- **Tests**: `__Tests/StellaOps.Attestor.StandardPredicates.Tests/SlsaSchemaValidatorTests.cs`

## E2E Test Plan

- [ ] Parse a SLSA v1 provenance JSON via `SlsaProvenancePredicateParser` and verify builder, build type, and materials are extracted
- [ ] Validate provenance via `SlsaSchemaValidator` and verify it passes for a valid SLSA L2 provenance
- [ ] Validate build definition via `.BuildDefinition` and verify build type, external parameters, and resolved dependencies
- [ ] Validate run details via `.RunDetails` and verify builder identity and metadata
- [ ] Check SLSA level via `.Level` and verify L1-L4 compliance (e.g., L3 requires hermetic build)
- [ ] Validate invalid provenance (missing buildDefinition) and verify `SlsaValidationResult` contains specific errors
- [ ] Map SLSA provenance to SPDX3 via `BuildAttestationMapper.MapToSpdx3` and verify build material tracking
- [ ] Verify `BuildMaterial` captures name, URI, and digest for each build input
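
The structural checks the test plan exercises (required `buildDefinition` and `runDetails` fields, per-field errors for invalid provenance, a digest on every build input), as a stand-alone C# example added here; it is not the StellaOps `SlsaSchemaValidator` code. `ProvenanceCheck`, its error strings and the sample predicate are hypothetical and constructed, and requiring a digest on every `resolvedDependencies` entry is an assumed policy derived from the last test-plan item. It assumes C# 11 or later for raw string literals.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
// Constructed sample predicate body; the second dependency deliberately lacks a digest.
const string sample = """
{
  "buildDefinition": {
    "buildType": "https://example.com/build-type/v1",
    "externalParameters": { "ref": "refs/heads/main" },
    "resolvedDependencies": [
      { "name": "source", "uri": "git+https://example.com/repo.git", "digest": { "gitCommit": "0000000000000000000000000000000000000000" } },
      { "name": "base-image", "uri": "pkg:oci/example-base" } ] },
  "runDetails": { "builder": { "id": "https://example.com/builder" } }
}
""";
foreach (var e in ProvenanceCheck.Validate(sample)) Console.WriteLine(e);
// Second constructed input: buildDefinition is absent and runDetails has no builder.
foreach (var e in ProvenanceCheck.Validate("""{ "runDetails": {} }""")) Console.WriteLine(e);

static class ProvenanceCheck   // hypothetical name, not a StellaOps type
{
    // Returns one message per problem; an empty list means every check passed.
    public static List<string> Validate(string predicateJson)
    {
        var errors = new List<string>();
        using var doc = JsonDocument.Parse(predicateJson);
        if (!TryObject(doc.RootElement, "buildDefinition", out var def))
            errors.Add("buildDefinition: missing or not an object");
        else
        {
            if (!def.TryGetProperty("buildType", out var bt) || bt.ValueKind != JsonValueKind.String)
                errors.Add("buildDefinition.buildType: missing or not a string");
            if (!TryObject(def, "externalParameters", out _))
                errors.Add("buildDefinition.externalParameters: missing or not an object");
            if (def.TryGetProperty("resolvedDependencies", out var deps) && deps.ValueKind == JsonValueKind.Array)
                for (int i = 0; i < deps.GetArrayLength(); i++)
                    // Assumed policy: every build input must carry a non-empty digest map.
                    if (!TryObject(deps[i], "digest", out var dg) || !dg.EnumerateObject().MoveNext())
                        errors.Add($"buildDefinition.resolvedDependencies[{i}]: no digest");
        }
        if (!TryObject(doc.RootElement, "runDetails", out var run) || !TryObject(run, "builder", out var b)
            || !b.TryGetProperty("id", out var id) || id.ValueKind != JsonValueKind.String)
            errors.Add("runDetails.builder.id: missing or not a string");
        return errors;
    }
    // True only when parent is an object that has an object-valued property called name.
    static bool TryObject(JsonElement parent, string name, out JsonElement child)
    {
        child = default;
        return parent.ValueKind == JsonValueKind.Object && parent.TryGetProperty(name, out child) && child.ValueKind == JsonValueKind.Object;
    }
}
```

Collecting every error instead of stopping at the first one matches the "specific errors" expectation in the test plan: a reviewer sees all missing fields and unpinned inputs in one pass.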