From ed9ea0a9b2741d148b25c78d4b4fea00187e7c9d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 6 Mar 2026 21:42:57 +0000
Subject: [PATCH 1/2] Initial plan


From 25afcabac30ae8ea0947d7b3d394e3f1f34f596b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 6 Mar 2026 21:53:02 +0000
Subject: [PATCH 2/2] Sync with TemplateDotNetLibrary: macOS support,
 Continuous Compliance docs, question issue template, agent selection guide,
 CodeQL build-mode

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
---
 .github/ISSUE_TEMPLATE/question.yml | 82 +++++++++++++++++++++++++++++
 .github/workflows/build.yaml        |  7 +--
 AGENTS.md                           | 15 +++++-
 README.md                           |  3 ++
 docs/guide/guide.md                 | 15 ++++++
 requirements.yaml                   | 10 ++++
 6 files changed, 128 insertions(+), 4 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/question.yml

diff --git a/.github/ISSUE_TEMPLATE/question.yml b/.github/ISSUE_TEMPLATE/question.yml
new file mode 100644
index 0000000..7c301a3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.yml
@@ -0,0 +1,82 @@
+---
+name: ❓ Question / Help
+description: Ask a usage question or get help with the SpdxModel
+title: "[Question]: "
+labels: ["question"]
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reaching out! Please fill out the sections below so we can help you as quickly as possible.
+        For general discussion, you can also use
+        [GitHub Discussions](https://github.com/demaconsulting/SpdxModel/discussions).
+
+  - type: textarea
+    id: question
+    attributes:
+      label: Question
+      description: A clear and concise description of what you need help with.
+      placeholder: What would you like to know or understand?
+    validations:
+      required: true
+
+  - type: textarea
+    id: what-tried
+    attributes:
+      label: What Have You Tried?
+      description: Describe what you have already attempted, including any code or configuration you have used.
+      placeholder: |
+        ```csharp
+        // Your code here
+        ```
+      render: csharp
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Outcome
+      description: A clear and concise description of what you expected to happen or what you are trying to achieve.
+      placeholder: Describe the outcome you are looking for...
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Library Version
+      description: What version of DemaConsulting.SpdxModel are you using?
+      placeholder: e.g., 1.0.0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: dotnet-version
+    attributes:
+      label: .NET Version
+      description: What version of .NET are you using?
+      options:
+        - ".NET 8"
+        - ".NET 9"
+        - ".NET 10"
+        - Other (please specify in additional context)
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context, screenshots, or links that may help answer your question.
+      placeholder: Any additional information...
+
+  - type: checkboxes
+    id: checklist
+    attributes:
+      label: Checklist
+      description: Please confirm the following
+      options:
+        - label: I have searched existing issues and discussions to ensure this has not been answered before
+          required: true
+        - label: I have provided a clear description of my question
+          required: true
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c9de0e4..4bc4451 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -101,7 +101,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest, ubuntu-latest]
+        os: [windows-latest, ubuntu-latest, macos-latest]
 
     runs-on: ${{ matrix.os }}
 
@@ -137,8 +137,8 @@ jobs:
         run: |
           mkdir -p artifacts
           echo "Capturing tool versions..."
-          # Create short job ID: build-win, build-ubuntu
-          OS_SHORT=$(echo "${{ matrix.os }}" | sed 's/windows-latest/win/;s/ubuntu-latest/ubuntu/')
+          # Create short job ID: build-windows, build-ubuntu, build-macos
+          OS_SHORT=$(echo "${{ matrix.os }}" | sed 's/-latest//')
           JOB_ID="build-${OS_SHORT}"
           dotnet versionmark --capture --job-id "${JOB_ID}" \
             --output "artifacts/versionmark-${JOB_ID}.json" -- \
@@ -252,6 +252,7 @@ jobs:
         uses: github/codeql-action/init@v4
         with:
           languages: csharp
+          build-mode: manual
           queries: security-and-quality
           config-file: ./.github/codeql-config.yml
 
diff --git a/AGENTS.md b/AGENTS.md
index 0d839d1..dfb78ec 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -13,6 +13,18 @@ and deserializing SPDX SBOMs into an in-memory representation.
 - **Repo Consistency Agent** - Ensures SpdxModel remains consistent with the
   [TemplateDotNetLibrary](https://github.com/demaconsulting/TemplateDotNetLibrary) template patterns
 
+## Agent Selection Guide
+
+- Fix a bug → **Software Developer**
+- Add a new feature → **Requirements Agent** → **Software Developer** → **Test Developer**
+- Write a test → **Test Developer**
+- Fix linting or static analysis issues → **Code Quality Agent**
+- Update documentation → **Technical Writer**
+- Add or update requirements → **Requirements Agent**
+- Ensure test coverage linkage in `requirements.yaml` → **Requirements Agent**
+- Run security scanning or address CodeQL alerts → **Code Quality Agent**
+- Propagate template changes → **Repo Consistency Agent**
+
 ## Tech Stack
 
 - C# 12, .NET 8.0/9.0/10.0, dotnet CLI, NuGet
@@ -38,6 +50,7 @@ evidence. This is critical for platform and framework requirements - **do not re
 
 - `windows@TestName` - proves the test passed on a Windows platform
 - `ubuntu@TestName` - proves the test passed on a Linux (Ubuntu) platform
+- `macos@TestName` - proves the test passed on a macOS platform
 - `net8.0@TestName` - proves the test passed under the .NET 8 runtime
 - `net9.0@TestName` - proves the test passed under the .NET 9 runtime
 - `net10.0@TestName` - proves the test passed under the .NET 10 runtime
@@ -91,7 +104,7 @@ dotnet test --configuration Release
 ## CI/CD
 
 - **Quality Checks**: Markdown lint, spell check, YAML lint
-- **Build**: Multi-platform .NET 8/9/10
+- **Build**: Multi-platform (Windows/Linux/macOS) .NET 8/9/10
 - **CodeQL**: Security scanning
 - **SonarCloud**: Code quality analysis
 
diff --git a/README.md b/README.md
index 06234e5..c406b27 100644
--- a/README.md
+++ b/README.md
@@ -20,8 +20,11 @@ comprehensive in-memory model for reading, manipulating, and writing SPDX Softwa
 - 🎯 **Type-Safe** - Strongly-typed C# API with nullable reference types
 - 🔍 **Transform Support** - Built-in utilities for manipulating SPDX relationships
 - ⚡ **Multi-Target** - Supports .NET 8, 9, and 10
+- 🖥️ **Multi-Platform** - Builds and runs on Windows, Linux, and macOS
 - 🧪 **Well-Tested** - Comprehensive test suite with high code coverage
 - 📚 **Well-Documented** - XML documentation for all public APIs
+- 🔒 **Continuous Compliance** - Compliance evidence generated automatically on every CI run, following
+  the [Continuous Compliance](https://github.com/demaconsulting/ContinuousCompliance) methodology
 
 ## Installation
 
diff --git a/docs/guide/guide.md b/docs/guide/guide.md
index 8078044..e248a84 100644
--- a/docs/guide/guide.md
+++ b/docs/guide/guide.md
@@ -36,6 +36,20 @@ The library fully supports the following SPDX specifications:
 - **SPDX 2.2**: Full support for SPDX 2.2 specification
 - **SPDX 2.3**: Full support for SPDX 2.3 specification
 
+# Continuous Compliance
+
+This library follows the [Continuous Compliance][continuous-compliance] methodology, which ensures
+compliance evidence is generated automatically on every CI run.
+
+## Key Practices
+
+- **Requirements Traceability**: Every requirement is linked to passing tests, and a trace matrix is
+  auto-generated on each release
+- **Linting Enforcement**: markdownlint, cspell, and yamllint are enforced before any build proceeds
+- **Automated Audit Documentation**: Each release ships with generated requirements, justifications,
+  trace matrix, and quality reports
+- **CodeQL and SonarCloud**: Security and quality analysis runs on every build
+
 # Installation
 
 ## Prerequisites
@@ -668,3 +682,4 @@ Made with ❤️ by [DEMA Consulting][dema-consulting]
 [github-issues]: https://github.com/demaconsulting/SpdxModel/issues
 [github-discussions]: https://github.com/demaconsulting/SpdxModel/discussions
 [dema-consulting]: https://github.com/demaconsulting
+[continuous-compliance]: https://github.com/demaconsulting/ContinuousCompliance
diff --git a/requirements.yaml b/requirements.yaml
index 8acef05..6fa3242 100644
--- a/requirements.yaml
+++ b/requirements.yaml
@@ -279,6 +279,16 @@ sections:
 
       - title: Platform Requirements
         requirements:
+          - id: SpdxModel-Plt-MacOS
+            title: The library shall build and run on macOS platforms.
+            tags:
+              - platform
+            justification: |
+              DEMA Consulting libraries must support macOS for developers using Apple platforms.
+            tests:
+              # Tests link to "macos" to ensure results come from macOS platform
+              - "macos@Spdx2JsonDeserializer_Deserialize_ValidSpdx22JsonReturnsExpectedDocument"
+
           - id: SpdxModel-Plt-Net8
             title: The library shall support .NET 8 runtime.
             tags: