Week 2 Meetings and Activities

Weekly Project Sync Meeting 2

(June 02, 2026)

Attendees

• Ayushmaan
• Shaheem Azmal M MD
• Kaushlendra Pratap
• Sushant

Discussion

• Discussed extending the shared C SPDX expression parser integration from OJO to Nomos.
• Reviewed the conflict where OJO can report a full expression such as MIT OR Apache-2.0, while Nomos may report the expression members as separate license findings.
• Discussed adding a Nomos pre-scan step for structured SPDX-License-Identifier expressions before the normal Nomos heuristic scanning flow.
• Planned masking of accepted expression ranges in a temporary working copy so existing Nomos checks do not report duplicate member-license findings.
• Discussed how Nomos expression findings should be stored through the current license expression database model.
• Explored a possible future enhancement for detecting high-confidence natural-language license expression statements in Nomos.
• Decided to keep natural-language expression inference as a future extension because incorrect inference may affect legal interpretation.

Activities Done in Week 02

• Integrated the shared native C SPDX expression parser with Nomos.
• Added a Nomos SPDX expression pre-scan step for structured SPDX-License-Identifier style declarations.
• Implemented expression candidate extraction in Nomos and passed extracted candidates to the shared parser.
• Added logic to accept only valid complex SPDX expressions before recording them as expression findings.
• Implemented range masking on a copied working buffer so that normal Nomos license detection does not produce duplicate member-license findings from the same SPDX expression.
• Added Nomos-side expression result handling so expression findings can be stored using the current license expression database model.
• Added compatibility conversion from the shared parser AST to the existing expression AST format.
• Added focused Nomos tests for expression pre-scan behavior, invalid expressions, and parenthesized expressions.
• Verified that OJO and Nomos now produce consistent results for structured SPDX expressions such as MIT OR Apache-2.0, MIT AND BSD-2-Clause, GPL-2.0-only WITH Classpath-exception-2.0, (MIT OR Apache-2.0) AND BSD-2-Clause, and MIT OR (Apache-2.0 AND BSD-2-Clause).
• Investigated FOSSology result reuse behavior when uploading files with identical content and confirmed that stale scanner rows can appear if the same pfile_fk and agent revision are reused.
• Explored heuristic natural-language expression detection patterns for Nomos, but kept this as a future enhancement instead of adding it immediately.

Next Steps

• Continue validating OJO and Nomos expression behavior through UI uploads and database inspection.
• Improve UI/API support for license expressions and identify remaining display/counting issues.
• Review report-generation behavior to ensure SPDX expressions are exported correctly.
• Plan future PHP parser alignment with the shared parser contract.
• Keep natural-language expression inference as a future, conservative enhancement requiring maintainer approval and strong regression tests.