Week 1 Meetings and Activities

Weekly Project Sync Meeting 1

(May 26, 2026)

Discussed the first implementation phase for SPDX license expression support.
Reviewed the shared parser contract idea and how it should define a common grammar, AST format, canonical behavior, and test corpus.
Discussed why the scanner-side parser should be implemented in C, since Nomos is written in C and OJO can consume a C parser from its C++ code.
Planned the initial integration with OJO because OJO already scans SPDX-License-Identifier style declarations.
Discussed how OJO should treat expressions such as MIT OR Apache-2.0 as one scanner finding instead of splitting them into individual license findings.
Reviewed how the parser output should be adapted temporarily to the existing license expression storage format used by the current branch.

Created a shared SPDX expression parser contract for FOSSology.
Defined the shared grammar for SPDX expressions, including AND, OR, WITH, parentheses, LicenseRef, DocumentRef, NONE, and NOASSERTION.
Added a shared AST schema to describe the expected parser output.
Added a shared parser test corpus with valid and invalid SPDX expression examples.
Implemented the native C parser based on the shared contract.
Integrated the C parser with OJO.
Updated OJO so that valid complex SPDX expressions are emitted as expression findings instead of only separate license member findings.
Added a temporary compatibility conversion from the shared parser AST to the existing expression AST format used by the current database/UI code.
Added and updated scanner tests to verify OJO expression parsing behavior.

Extend the same native C parser integration to Nomos.
Ensure OJO and Nomos produce consistent results for the same structured SPDX expression.
Add suppression logic in Nomos so expression member licenses are not reported separately when they come from an already handled SPDX expression range.
Continue validating the scanner behavior through local uploads and UI inspection.