fix: A2ML TOML-like format support, manifest lookup, and language detection

- Parser now handles both S-expression and TOML-like [section] A2ML formats
- Manifest lookup tries 0-AI-MANIFEST.a2ml first, falls back to AI.a2ml
- Language detection skips external_corpora/, third_party/, corpus/ directories
- Justfile renamed to capital-J (RSR standard)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.claude/CLAUDE.md

@@ -63,7 +63,7 @@ src/
 │   ├── reachability.rs  # Import scanning for phantom dependency detection
 │   ├── classify.rs      # Three-way classification: Mitigable/Unmitigable/Informational
 │   └── registry.rs      # Mitigation lifecycle registry (JSON persistence)
-├── a2ml/                # AI manifest protocol
+├── a2ml/                # AI manifest protocol (TOML-like format support, 0-AI-MANIFEST.a2ml priority lookup)
 ├── panll/               # PanLL event-chain export
 ├── storage/             # Filesystem + VerisimDB persistence
 ├── i18n/                # Multi-language support (ISO 639-1, 10 languages)
@@ -90,7 +90,7 @@ cp target/release/panic-attack ~/.asdf/installs/rust/nightly/bin/
 
 - **47 language analyzers**: Rust, C/C++, Go, Python, JavaScript, Ruby, Elixir, Erlang, Gleam, ReScript, OCaml, SML, Scheme, Racket, Haskell, PureScript, Idris, Lean, Agda, Prolog, Logtalk, Datalog, Zig, Ada, Odin, Nim, Pony, D, Nickel, Nix, Shell, Julia, Lua, + 12 nextgen DSLs
 - **20 weak point categories**: UnsafeCode, PanicPath, CommandInjection, UnsafeDeserialization, AtomExhaustion, UnsafeFFI, PathTraversal, HardcodedSecret, etc.
-- **Per-file language detection**: Each file analyzed with its own language-specific patterns
+- **Per-file language detection**: Each file analyzed with its own language-specific patterns. Skips `external_corpora/`, `third_party/`, and `corpus/` directories
 - **miniKanren logic engine**: Relational reasoning for taint analysis, cross-language vulnerability chains, and search strategy optimisation
 - **Latin-1 fallback**: Non-UTF-8 files handled gracefully
 - **JSON output**: Machine-readable for pipeline integration

.machine_readable/6a2/STATE.a2ml

@@ -5,10 +5,15 @@
 [metadata]
 project = "panic-attacker"
 version = "0.1.0"
-last-updated = "2026-03-15"
+last-updated = "2026-03-23"
 status = "active"
 
 [project-context]
 name = "panic-attacker"
 completion-percentage = 0
 phase = "In development"
+
+[fixes-2026-03-23]
+a2ml-parser = "Now handles TOML-like format in addition to S-expression format"
+manifest-lookup = "Tries 0-AI-MANIFEST.a2ml first, then falls back to AI.a2ml"
+language-detection = "Skips external_corpora/, third_party/, and corpus/ directories during scanning"

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [2.0.0+] - 2026-03-23
+
+### Fixed
+- **A2ML parser**: Now handles TOML-like format (key = "value") in addition to S-expression format
+- **Manifest lookup**: Tries `0-AI-MANIFEST.a2ml` first before falling back to `AI.a2ml`
+- **Language detection**: Skips `external_corpora/`, `third_party/`, and `corpus/` directories to avoid false positives from vendored or reference text
+
 ## [2.0.0+] - 2026-03-01
 
 ### Added

justfile Justfilejustfile renamed to Justfile

@@ -152,26 +152,120 @@ impl Default for Manifest {
 
 impl Manifest {
     pub fn load_default() -> Result<Self> {
-        let path = PathBuf::from("AI.a2ml");
-        Self::load(&path)
+        // Try RSR standard name first, then legacy name
+        let candidates = [
+            PathBuf::from("0-AI-MANIFEST.a2ml"),
+            PathBuf::from("AI.a2ml"),
+        ];
+        for path in &candidates {
+            if path.exists() {
+                return Self::load(path);
+            }
+        }
+        // Fall through with the primary name for a clear error message
+        Self::load(&candidates[0])
     }
 
     pub fn load(path: &Path) -> Result<Self> {
         let raw = fs::read_to_string(path)
             .with_context(|| format!("reading A2ML manifest {}", path.display()))?;
-        let mut parser = Parser::new(&raw);
-        let tree = parser.parse_all()?;
-        if let Sexpr::List(mut items) = tree {
-            if let Some(Sexpr::Atom(root)) = items.first() {
-                let root_name = root.clone();
-                items.remove(0);
-                return Ok(Self {
-                    root_name,
-                    entries: items,
-                });
+
+        // Detect format: TOML-like ([sections]) vs S-expression ((manifest ...))
+        let trimmed = raw.trim_start();
+        let first_meaningful = trimmed
+            .lines()
+            .find(|line| {
+                let l = line.trim();
+                !l.is_empty() && !l.starts_with('#')
+            })
+            .unwrap_or("");
+
+        if first_meaningful.trim().starts_with('[') {
+            // TOML-like A2ML format — parse sections into S-expression tree
+            Self::parse_toml_like(&raw)
+        } else {
+            // Classic S-expression format
+            let mut parser = Parser::new(&raw);
+            let tree = parser.parse_all()?;
+            if let Sexpr::List(mut items) = tree {
+                if let Some(Sexpr::Atom(root)) = items.first() {
+                    let root_name = root.clone();
+                    items.remove(0);
+                    return Ok(Self {
+                        root_name,
+                        entries: items,
+                    });
+                }
             }
+            Err(anyhow!("unexpected A2ML manifest structure"))
         }
-        Err(anyhow!("unexpected A2ML manifest structure"))
+    }
+
+    /// Parse TOML-like A2ML format into the same internal structure
+    fn parse_toml_like(raw: &str) -> Result<Self> {
+        let mut root_name = "manifest".to_string();
+        let mut sections: Vec<(String, Vec<(String, String)>)> = Vec::new();
+        let mut current_section: Option<(String, Vec<(String, String)>)> = None;
+
+        for line in raw.lines() {
+            let trimmed = line.trim();
+            if trimmed.is_empty() || trimmed.starts_with('#') {
+                continue;
+            }
+
+            if trimmed.starts_with('[') && trimmed.ends_with(']') {
+                // Section header
+                if let Some(section) = current_section.take() {
+                    sections.push(section);
+                }
+                let name = trimmed[1..trimmed.len() - 1].trim().to_string();
+                current_section = Some((name, Vec::new()));
+            } else if let Some(eq_pos) = trimmed.find('=') {
+                // Key = value pair
+                let key = trimmed[..eq_pos].trim().to_string();
+                let mut value = trimmed[eq_pos + 1..].trim().to_string();
+                // Strip surrounding quotes
+                if value.starts_with('"') && value.ends_with('"') && value.len() >= 2 {
+                    value = value[1..value.len() - 1].to_string();
+                }
+                // Strip inline comments
+                if let Some(comment_pos) = value.find(" #") {
+                    value = value[..comment_pos].trim().to_string();
+                }
+                if let Some(ref mut section) = current_section {
+                    section.1.push((key, value));
+                }
+            }
+            // Arrays ([...]) are skipped for now — not needed for manifest lookup
+        }
+        if let Some(section) = current_section {
+            sections.push(section);
+        }
+
+        // Find the root name from the first section (typically [manifest])
+        if let Some((name, _)) = sections.first() {
+            root_name = name.clone();
+        }
+
+        // Convert sections into Sexpr tree
+        let entries: Vec<Sexpr> = sections
+            .into_iter()
+            .map(|(name, pairs)| {
+                let mut list = vec![Sexpr::Atom(name)];
+                for (k, v) in pairs {
+                    list.push(Sexpr::List(vec![
+                        Sexpr::Atom(k),
+                        Sexpr::String(v),
+                    ]));
+                }
+                Sexpr::List(list)
+            })
+            .collect();
+
+        Ok(Self {
+            root_name,
+            entries,
+        })
     }
 
     pub fn report_formats(&self) -> Vec<ReportOutputFormat> {

src/a2ml/mod.rs

@@ -679,6 +679,13 @@ impl Analyzer {
                         "zig-cache",
                         "zig-out",
                         "ebin",
+                        "external_corpora",
+                        "third_party",
+                        "testdata",
+                        "test_fixtures",
+                        "fixtures",
+                        "corpus",
+                        "corpora",
                     ]
                     .contains(&name_str)
                 {

src/assail/analyzer.rs

@@ -1035,7 +1035,7 @@ fn run_main() -> Result<()> {
     let manifest = match Manifest::load_default() {
         Ok(manifest) => manifest,
         Err(err) => {
-            eprintln!("warning: failed to read AI.a2ml: {}", err);
+            eprintln!("warning: failed to read AI manifest: {}", err);
             Manifest::default()
         }
     };
@@ -1660,7 +1660,13 @@ fn run_main() -> Result<()> {
         }
 
         Commands::Manifest { path, output } => {
-            let target = path.unwrap_or_else(|| PathBuf::from("AI.a2ml"));
+            let target = path.unwrap_or_else(|| {
+                if PathBuf::from("0-AI-MANIFEST.a2ml").exists() {
+                    PathBuf::from("0-AI-MANIFEST.a2ml")
+                } else {
+                    PathBuf::from("AI.a2ml")
+                }
+            });
             let manifest = Manifest::load(&target).unwrap_or_default();
             let nickel = manifest.to_nickel();
             if let Some(output_path) = output {