Add comprehensive code quality infrastructure and documentation

.cspell.json

@@ -0,0 +1,64 @@
+{
+  "version": "0.2",
+  "language": "en",
+  "words": [
+    "SPDX",
+    "SBOM",
+    "Dema",
+    "DemaConsulting",
+    "dotnet",
+    "dotnettool",
+    "nuget",
+    "csproj",
+    "MSTest",
+    "YamlDotNet",
+    "SpdxModel",
+    "SpdxTool",
+    "trx",
+    "json",
+    "yaml",
+    "mermaid",
+    "purl",
+    "ntia",
+    "Sonar",
+    "SonarCloud",
+    "SonarAnalyzer",
+    "editorconfig",
+    "gitignore",
+    "nupkg",
+    "snupkg",
+    "wildcards",
+    "SPDXID",
+    "NOASSERTION",
+    "declaredat"
+  ],
+  "ignoreWords": [
+    "demaconsulting"
+  ],
+  "ignorePaths": [
+    "node_modules/**",
+    ".git/**",
+    "bin/**",
+    "obj/**",
+    "*.min.js",
+    "*.min.css",
+    "package-lock.json",
+    ".vs/**",
+    ".vscode/**",
+    "coverage/**",
+    "TestResults/**"
+  ],
+  "flagWords": [],
+  "patterns": [
+    {
+      "name": "Markdown links",
+      "pattern": "\\[.*?\\]\\(.*?\\)",
+      "description": "Ignore markdown links"
+    },
+    {
+      "name": "Inline code",
+      "pattern": "`[^`]*`",
+      "description": "Ignore inline code blocks"
+    }
+  ]
+}

.editorconfig

@@ -0,0 +1,203 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# All files
+[*]
+charset = utf-8
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Code files
+[*.{cs,csx,vb,vbx}]
+indent_size = 4
+
+# XML project files
+[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj}]
+indent_size = 2
+
+# XML config files
+[*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}]
+indent_size = 2
+
+# JSON files
+[*.json]
+indent_size = 2
+
+# YAML files
+[*.{yml,yaml}]
+indent_size = 2
+
+# Markdown files
+[*.md]
+trim_trailing_whitespace = false
+
+# Dotnet code style settings:
+[*.{cs,vb}]
+
+# Sort using and Import directives with System.* appearing first
+dotnet_sort_system_directives_first = true
+dotnet_separate_import_directive_groups = false
+
+# Avoid "this." and "Me." if not necessary
+dotnet_style_qualification_for_field = false:suggestion
+dotnet_style_qualification_for_property = false:suggestion
+dotnet_style_qualification_for_method = false:suggestion
+dotnet_style_qualification_for_event = false:suggestion
+
+# Use language keywords instead of framework type names for type references
+dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
+dotnet_style_predefined_type_for_member_access = true:suggestion
+
+# Suggest more modern language features when available
+dotnet_style_object_initializer = true:suggestion
+dotnet_style_collection_initializer = true:suggestion
+dotnet_style_coalesce_expression = true:suggestion
+dotnet_style_null_propagation = true:suggestion
+dotnet_style_explicit_tuple_names = true:suggestion
+dotnet_style_prefer_inferred_tuple_names = true:suggestion
+dotnet_style_prefer_inferred_anonymous_type_member_names = true:suggestion
+dotnet_style_prefer_auto_properties = true:suggestion
+dotnet_style_prefer_conditional_expression_over_return = false:silent
+dotnet_style_prefer_conditional_expression_over_assignment = false:silent
+dotnet_style_prefer_compound_assignment = true:suggestion
+
+# Naming Conventions
+dotnet_naming_rule.interfaces_should_be_prefixed_with_i.severity = warning
+dotnet_naming_rule.interfaces_should_be_prefixed_with_i.symbols = interface
+dotnet_naming_rule.interfaces_should_be_prefixed_with_i.style = begins_with_i
+
+dotnet_naming_rule.types_should_be_pascal_case.severity = warning
+dotnet_naming_rule.types_should_be_pascal_case.symbols = types
+dotnet_naming_rule.types_should_be_pascal_case.style = pascal_case
+
+dotnet_naming_rule.non_field_members_should_be_pascal_case.severity = warning
+dotnet_naming_rule.non_field_members_should_be_pascal_case.symbols = non_field_members
+dotnet_naming_rule.non_field_members_should_be_pascal_case.style = pascal_case
+
+# Symbol specifications
+dotnet_naming_symbols.interface.applicable_kinds = interface
+dotnet_naming_symbols.interface.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.interface.required_modifiers = 
+
+dotnet_naming_symbols.types.applicable_kinds = class, struct, interface, enum
+dotnet_naming_symbols.types.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.types.required_modifiers = 
+
+dotnet_naming_symbols.non_field_members.applicable_kinds = property, event, method
+dotnet_naming_symbols.non_field_members.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.non_field_members.required_modifiers = 
+
+# Naming styles
+dotnet_naming_style.pascal_case.required_prefix = 
+dotnet_naming_style.pascal_case.required_suffix = 
+dotnet_naming_style.pascal_case.word_separator = 
+dotnet_naming_style.pascal_case.capitalization = pascal_case
+
+dotnet_naming_style.begins_with_i.required_prefix = I
+dotnet_naming_style.begins_with_i.required_suffix = 
+dotnet_naming_style.begins_with_i.word_separator = 
+dotnet_naming_style.begins_with_i.capitalization = pascal_case
+
+# CSharp code style settings:
+[*.cs]
+# Newline settings
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_members_in_object_initializers = true
+csharp_new_line_before_members_in_anonymous_types = true
+csharp_new_line_between_query_expression_clauses = true
+
+# Indentation preferences
+csharp_indent_case_contents = true
+csharp_indent_switch_labels = true
+csharp_indent_labels = flush_left
+csharp_indent_block_contents = true
+csharp_indent_braces = false
+csharp_indent_case_contents_when_block = false
+
+# Space preferences
+csharp_space_after_cast = false
+csharp_space_after_keywords_in_control_flow_statements = true
+csharp_space_between_method_call_parameter_list_parentheses = false
+csharp_space_between_method_declaration_parameter_list_parentheses = false
+csharp_space_between_parentheses = false
+csharp_space_before_colon_in_inheritance_clause = true
+csharp_space_after_colon_in_inheritance_clause = true
+csharp_space_around_binary_operators = before_and_after
+csharp_space_between_method_declaration_empty_parameter_list_parentheses = false
+csharp_space_between_method_call_name_and_opening_parenthesis = false
+csharp_space_between_method_call_empty_parameter_list_parentheses = false
+
+# Wrapping preferences
+csharp_preserve_single_line_statements = false
+csharp_preserve_single_line_blocks = true
+
+# Prefer "var" everywhere
+csharp_style_var_for_built_in_types = true:suggestion
+csharp_style_var_when_type_is_apparent = true:suggestion
+csharp_style_var_elsewhere = true:suggestion
+
+# Prefer method-like constructs to have a block body
+csharp_style_expression_bodied_methods = false:none
+csharp_style_expression_bodied_constructors = false:none
+csharp_style_expression_bodied_operators = false:none
+
+# Prefer property-like constructs to have an expression-body
+csharp_style_expression_bodied_properties = true:suggestion
+csharp_style_expression_bodied_indexers = true:suggestion
+csharp_style_expression_bodied_accessors = true:suggestion
+
+# Suggest more modern language features when available
+csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
+csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
+csharp_style_inlined_variable_declaration = true:suggestion
+csharp_style_throw_expression = true:suggestion
+csharp_style_conditional_delegate_call = true:suggestion
+csharp_prefer_simple_default_expression = true:suggestion
+csharp_style_prefer_local_over_anonymous_function = true:suggestion
+csharp_style_prefer_index_operator = true:suggestion
+csharp_style_prefer_range_operator = true:suggestion
+csharp_style_implicit_object_creation_when_type_is_apparent = true:suggestion
+csharp_style_prefer_tuple_swap = true:suggestion
+csharp_style_deconstructed_variable_declaration = true:suggestion
+csharp_style_unused_value_assignment_preference = discard_variable:suggestion
+csharp_style_unused_value_expression_statement_preference = discard_variable:silent
+
+# Code block preferences
+csharp_prefer_braces = true:suggestion
+csharp_prefer_simple_using_statement = true:suggestion
+
+# Using directive preferences
+csharp_using_directive_placement = outside_namespace:warning
+
+# Code quality rules
+dotnet_code_quality_unused_parameters = all:suggestion
+
+# Suppress specific CA rules
+dotnet_diagnostic.CA1303.severity = none  # Do not pass literals as localized parameters (not localizing)
+dotnet_diagnostic.CA2007.severity = none  # Do not directly await a Task (library code, not UI)
+dotnet_diagnostic.CA1062.severity = none  # Validate arguments of public methods (nullable context handles this)
+dotnet_diagnostic.CA1031.severity = none  # Do not catch general exception types (needed for top-level error handling)
+dotnet_diagnostic.CA1716.severity = none  # Identifiers should not match keywords (existing API)
+dotnet_diagnostic.CA1310.severity = none  # Specify StringComparison for correctness (to be fixed incrementally)
+dotnet_diagnostic.CA1305.severity = none  # Specify IFormatProvider (not localizing)
+dotnet_diagnostic.CA1307.severity = none  # Specify StringComparison for string methods (to be fixed incrementally)
+dotnet_diagnostic.CA1308.severity = none  # Normalize to uppercase (existing behavior, not security critical)
+dotnet_diagnostic.CA1515.severity = none  # Make types internal (public API by design)
+dotnet_diagnostic.CA1054.severity = none  # URI parameters should not be strings (existing API)
+dotnet_diagnostic.CA1872.severity = none  # Use modern API (to be evaluated for .NET compatibility)
+dotnet_diagnostic.CA2000.severity = none  # Dispose objects before losing scope (HttpClient handles disposal)
+dotnet_diagnostic.CA1707.severity = none  # Identifiers should not contain underscores (test naming convention)
+dotnet_diagnostic.CA1819.severity = none  # Properties should not return arrays (existing API, immutable)
+dotnet_diagnostic.CA1032.severity = none  # Exception constructors (simplified exceptions)
+dotnet_diagnostic.CA2234.severity = none  # Pass System.Uri instead of string (existing API)
+dotnet_diagnostic.CA5399.severity = none  # Enable certificate revocation check (to be evaluated separately)
+
+# Suppress warnings for generated code
+[**/obj/**/*.cs]
+generated_code = true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,52 @@
+---
+name: Bug Report
+about: Create a report to help us improve
+title: '[BUG] '
+labels: bug
+assignees: ''
+---
+
+## Describe the Bug
+
+A clear and concise description of what the bug is.
+
+## To Reproduce
+
+Steps to reproduce the behavior:
+
+1. Run command '...'
+2. With arguments '...'
+3. See error
+
+## Expected Behavior
+
+A clear and concise description of what you expected to happen.
+
+## Actual Behavior
+
+What actually happened, including any error messages.
+
+## Environment
+
+- OS: [e.g. Windows 11, Ubuntu 22.04, macOS 14]
+- .NET Version: [e.g. 8.0, 9.0, 10.0]
+- SpdxTool Version: [e.g. 0.1.0]
+
+## SPDX Document
+
+If applicable, attach or provide a minimal SPDX document that reproduces the issue.
+
+```json
+{
+  "spdxVersion": "SPDX-2.3",
+  ...
+}
+```
+
+## Additional Context
+
+Add any other context about the problem here.
+
+## Possible Solution
+
+If you have suggestions on how to fix the bug, describe them here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,35 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: '[FEATURE] '
+labels: enhancement
+assignees: ''
+---
+
+## Problem Statement
+
+Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+## Proposed Solution
+
+A clear and concise description of what you want to happen.
+
+## Use Cases
+
+Describe specific use cases where this feature would be beneficial:
+
+1. Use case 1: ...
+2. Use case 2: ...
+
+## Alternative Solutions
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+## Additional Context
+
+Add any other context, mockups, or screenshots about the feature request here.
+
+## Implementation Ideas
+
+If you have thoughts on how this could be implemented, describe them here.

.github/dependabot.yml

@@ -0,0 +1,34 @@
+# Dependabot configuration for automatic dependency updates
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Update NuGet packages weekly
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+      - "nuget"
+    commit-message:
+      prefix: "deps"
+      include: "scope"
+
+  # Update GitHub Actions weekly
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"