Perfect! I have all the information you requested. Here's my findings:

## Organization README Location

Found at: `/Users/andrew/code/git-pkgs/.github/profile/README.md`

The organization README describes git-pkgs as a tool that tracks package dependencies across git history, working with 35+ package managers.

## All Directories in /Users/andrew/code/git-pkgs/

- .claude
- .github (contains the organization profile)
- .DS_Store
- archives
- changelog
- demo
- enrichment
- foo2nix
- forges
- git-pkgs
- gitignore
- gittuf.md
- homebrew-git-pkgs
- managers
- manifests
- orgs
- platforms
- proxy
- purl
- registries
- resolve
- roadmap.md
- spdx
- testing
- vers
- vulns
- website

## Go Module Repositories

All 20 directories have go.mod files with the following module names:

1. `/Users/andrew/code/git-pkgs/vers/go.mod` - `github.com/git-pkgs/vers`
2. `/Users/andrew/code/git-pkgs/platforms/go.mod` - `github.com/git-pkgs/platforms`
3. `/Users/andrew/code/git-pkgs/registries/go.mod` - `github.com/git-pkgs/registries`
4. `/Users/andrew/code/git-pkgs/proxy/go.mod` - `github.com/git-pkgs/proxy`
5. `/Users/andrew/code/git-pkgs/resolve/go.mod` - `github.com/git-pkgs/resolve`
6. `/Users/andrew/code/git-pkgs/changelog/go.mod` - `github.com/git-pkgs/changelog`
7. `/Users/andrew/code/git-pkgs/managers/go.mod` - `github.com/git-pkgs/managers`
8. `/Users/andrew/code/git-pkgs/website/go.mod` - `github.com/git-pkgs/website`
9. `/Users/andrew/code/git-pkgs/archives/go.mod` - `github.com/git-pkgs/archives`
10. `/Users/andrew/code/git-pkgs/vulns/go.mod` - `github.com/git-pkgs/vulns`
11. `/Users/andrew/code/git-pkgs/orgs/go.mod` - `github.com/git-pkgs/orgs`
12. `/Users/andrew/code/git-pkgs/testing/go.mod` - `github.com/git-pkgs/testing`
13. `/Users/andrew/code/git-pkgs/foo2nix/go.mod` - `github.com/git-pkgs/foo2nix`
14. `/Users/andrew/code/git-pkgs/spdx/go.mod` - `github.com/git-pkgs/spdx`
15. `/Users/andrew/code/git-pkgs/enrichment/go.mod` - `github.com/git-pkgs/enrichment`
16. `/Users/andrew/code/git-pkgs/forges/go.mod` - `github.com/git-pkgs/forges`
17. `/Users/andrew/code/git-pkgs/manifests/go.mod` - `github.com/git-pkgs/manifests`
18. `/Users/andrew/code/git-pkgs/gitignore/go.mod` - `github.com/git-pkgs/gitignore`
19. `/Users/andrew/code/git-pkgs/purl/go.mod` - `github.com/git-pkgs/purl`
20. `/Users/andrew/code/git-pkgs/git-pkgs/go.mod` - `github.com/git-pkgs/git-pkgs`
agentId: ae08483 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 17378
tool_uses: 26
duration_ms: 17496</usage>

Excellent. Now let me compile all this information into a comprehensive summary for you.

## REUSE Specification Summary for Building a Go Library

Based on my research, here's everything you need to know about the REUSE specification for implementing it in Go:

### Latest Specification Version

**Current Version: 3.3** (released November 2024)

The specification evolved through versions 3.0, 3.2, and 3.3. Version 3.3 implements IETF RFC 2119 for requirement level keywords (MUST, SHOULD, etc.). Previous format used .reuse/dep5; version 3.2 deprecated it in favor of REUSE.toml, which became standard in 3.3.

### Core Compliance Requirements

To be "REUSE compliant," a project must satisfy three requirements:

1. **Choose and provide licenses** — All licenses used must be present in the `LICENSES/` directory as plain text files named `[SPDX-ID].[extension]` (e.g., `GPL-3.0-or-later.txt`)

2. **Add copyright and licensing information to each file** — Every file needs metadata with `SPDX-FileCopyrightText` and `SPDX-License-Identifier` tags

3. **Confirm with the REUSE tool** — The `reuse lint` command must pass without errors

### File Coverage Rules

**Covered Files** (require licensing info):
- All project files

**Excluded Files** (no info needed):
- Files in `LICENSES/` directory
- Root-level `COPYING`, `LICENSE`, `LICENCE` files (with optional suffixes like `.md`)
- Version control files (`.git/`, `.gitignore`, `.gitattributes`, etc.)
- Submodules and Meson subprojects
- `REUSE.toml` files themselves
- Files in `.reuse/` directory
- Symlinks and zero-byte files
- SPDX documents

### SPDX Header Format

Headers must be placed near the file top in comments and include:

**Required elements:**
- One or more Copyright Notices
- One or more `SPDX-License-Identifier` declarations

**Format:**
```
# SPDX-FileCopyrightText: [year] [copyright holder] <[optional contact]>
# SPDX-License-Identifier: [SPDX expression]
```

For Go source files:
```go
// SPDX-FileCopyrightText: 2024 Your Name <your.email@example.com>
// SPDX-License-Identifier: MIT

package main
```

**Copyright notice variations:**
- `SPDX-FileCopyrightText` (recommended for files)
- `SPDX-SnippetCopyrightText` (for code snippets)
- `Copyright` or `©` symbols (alternative prefixes)

All must include: year, copyright holder name, and optionally contact information.

### .License Sidecar Files

For files that cannot include comments (binary files, images, etc.):

**Purpose:** Creates an adjacent text file with licensing metadata

**Naming:** `[original-filename].[extension].license`
- Example: `cat.jpg.license` for file `cat.jpg`

**Content:** Standard SPDX header format
- One or more `SPDX-FileCopyrightText` lines
- One or more `SPDX-License-Identifier` lines
- UTF-8 encoding recommended

**Note:** .license files can also be used with commentable files, but comment headers are preferred.

### REUSE.toml Format (Modern Standard)

REUSE.toml is the modern replacement for deprecated .reuse/dep5. It's a TOML file placed in any project directory.

**Required structure:**
```toml
version = 1

[[annotations]]
path = "src/**/*.go"
SPDX-FileCopyrightText = "2024 Your Name <email@example.com>"
SPDX-License-Identifier = "MIT"

[[annotations]]
path = "*.md"
SPDX-FileCopyrightText = ["2024 Person A", "2024 Person B"]
SPDX-License-Identifier = "CC-BY-4.0"
precedence = "override"
```

**Key fields:**
- `version = 1` (required, schema version)
- `path` (required in annotations) — file patterns using `*` (single dir) and `**` (recursive) globbing
- `SPDX-FileCopyrightText` (optional) — string or list of strings
- `SPDX-License-Identifier` (optional) — valid SPDX license expression
- `precedence` (optional) — determines priority:
  - `closest` (default) — prefers file-level info; uses nearest REUSE.toml if missing
  - `aggregate` — combines REUSE.toml with file-level information
  - `override` — closest REUSE.toml to project root is authoritative

**Important:** REUSE.toml and .reuse/dep5 are mutually exclusive. You cannot use both simultaneously.

### DEP5 Format (.reuse/dep5) - Deprecated

Located at `.reuse/dep5`, uses Debian copyright file format (version 1.0). Deprecated in favor of REUSE.toml but still supported.

**Structure:**
```
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: My Project
Upstream-Contact: Name <email@example.com>

Files: src/*.go
Copyright: 2024 Your Name <email@example.com>
License: MIT

Files: docs/*
Copyright: 2024 Your Name
License: CC-BY-4.0
```

**Note:** New projects should use REUSE.toml instead. The tool provides `reuse convert-dep5` to migrate legacy configurations.

### Snippet-Specific Licensing

For code portions with different licensing than the file:

**Required markers:**
```go
// SPDX-SnippetBegin
// SPDX-FileCopyrightText: 2024 Snippet Author <email@example.com>
// SPDX-License-Identifier: Apache-2.0
// [code snippet here]
// SPDX-SnippetEnd
```

### Ignoring Irrelevant Content

Wrap sections that shouldn't be parsed:
```go
// REUSE-IgnoreStart
// This code was auto-generated and licensing info shouldn't apply
// REUSE-IgnoreEnd
```

### Licensing Information Precedence

When multiple sources declare licensing for a file, this priority applies:

1. `.license` companion files (highest priority)
2. REUSE.toml with `override` precedence
3. In-file comment headers (default)
4. Nearest REUSE.toml with `closest` or `aggregate` precedence
5. DEP5 (.reuse/dep5)

### Reference Implementation Structure

The Python reference tool (fsfe/reuse-tool) demonstrates:

**Core validation checks:**
- License provision — verifies licenses exist in `LICENSES/`
- File-level attribution — checks for proper SPDX headers
- Specification conformance — overall project compliance

**CLI Commands:**
- `reuse lint` — Full project compliance check
- `reuse lint-file <file>` — Check individual files
- `reuse download <license-id>` — Download license texts
- `reuse annotate <file>` — Add headers automatically
- `reuse spdx` — Generate SPDX documentation (software bill of materials)
- `reuse supported-licenses` — List available licenses
- `reuse convert-dep5` — Migrate .reuse/dep5 to REUSE.toml

**Source organization (GitHub: fsfe/reuse-tool):**
- `src/reuse/` — Core implementation
- `tests/` — Comprehensive test suite
- `docs/` — Documentation
- `LICENSES/` — License files
- Multiple Python versions tested (3.10+)

### Available Test Resources

**Example Repository:** [fsfe/reuse-example](https://github.com/fsfe/reuse-example) demonstrates:
- Compliant branch (main) showing proper implementation
- Non-compliant branch for comparison
- C code with Makefile structure
- Practical reference for all compliance patterns

**Test Infrastructure:**
- Unit tests in fsfe/reuse-tool/tests/
- Linting with pylint and mypy
- Code formatting checks (black, isort)
- Can be used as reference for Go implementation test cases

### Key Differences from DEP5

- REUSE.toml uses glob patterns instead of filename patterns
- TOML format (human-friendly) vs Debian format
- `version` field explicit in TOML
- `precedence` field for multi-file handling
- Can place REUSE.toml anywhere; DEP5 always at `.reuse/dep5`

### SPDX License Expression Support

Both single and complex expressions:
- Single: `MIT` or `GPL-3.0-or-later`
- Multiple: `MIT OR Apache-2.0` (alternative licenses)
- Complex: `(MIT AND Apache-2.0) OR GPL-3.0-only`
- Custom: `LicenseRef-customlicense` (must be in `LICENSES/LicenseRef-customlicense.txt`)

---

## Sources

- [REUSE Specification Version 3.3](https://reuse.software/spec-3.3/)
- [REUSE Specification Version 3.2](https://reuse.software/spec-3.2/)
- [REUSE Tool GitHub Repository](https://github.com/fsfe/reuse-tool)
- [REUSE Example Repository](https://github.com/fsfe/reuse-example)
- [REUSE FAQ](https://reuse.software/faq/)
- [REUSE Developer Help](https://reuse.software/dev/)
- [REUSE Tool Codeberg Repository](https://codeberg.org/fsfe/reuse-tool)
- [FSFE REUSE Initiative](https://reuse.software/)
agentId: a6b21c6 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 26815
tool_uses: 17
duration_ms: 145681</usage>

Perfect. Here's what I found:

## 1. /Users/andrew/code/git-pkgs/reuse/ folder

The reuse folder exists but is completely empty - no files or subdirectories yet. Ready for you to build the new module.

## 2. Existing patterns from changelog module

The changelog module at `/Users/andrew/code/git-pkgs/changelog/` shows the established patterns:

**Go module structure (go.mod):**
- Format: `module github.com/git-pkgs/[modulename]`
- Go version: 1.25.6 (no dependencies in changelog's case)

**Source file patterns (changelog.go):**
- Comprehensive package-level documentation comment at the top, explaining the package purpose
- Includes usage examples in the doc comment
- Exports main functions like `Parse()`, `ParseFile()`, `FindAndParse()`
- Defines exported types (`Entry`, `Format`) as structs/constants
- Private regex patterns and helpers below the public API
- Imports organized in standard library first
- Clear separation between public API and implementation details

**Test file patterns (changelog_test.go):**
- Uses standard `testing` package (not rspec, not some testing framework)
- Helper functions for test setup (like `mustReadFixture()`) at the top
- Test functions follow `TestXxx()` naming convention
- Tests use `t.Run()` for subtests when testing multiple behaviors
- Tests load fixture data from a `testdata/` directory
- Straightforward table-driven tests with clear error messages
- Uses `t.Helper()` for helper functions
- Direct assertions with error reporting rather than assertion libraries

The project also includes a LICENSE file and README.md in each module.
agentId: a9f5fd4 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 14226
tool_uses: 6
duration_ms: 8509</usage>

Based on my research, here's what I found about the REUSE specification test suite and available resources for conformance testing:

## Summary of Findings

**There is no standalone, dedicated "REUSE test suite" repository** that you can add as a git submodule in the traditional sense. However, the FSFE has created several resources for REUSE conformance testing:

### 1. **reuse-tool** (Primary Conformance Testing Tool)
- **Location**: https://codeberg.org/fsfe/reuse-tool (canonical) / https://github.com/fsfe/reuse-tool (GitHub mirror)
- **Purpose**: This is the main tool for testing REUSE compliance with the command `reuse lint`
- **Contains**: A `tests/` directory with unit tests and test fixtures in `tests/resources/`
- **Status**: The tool itself validates projects against the REUSE specification

### 2. **Example Repositories with Test Cases**
The FSFE provides example repositories that serve as conformance test fixtures:

#### **fsfe/reuse-example**
- **Branches**: 
  - `main` (compliant version)
  - `noncompliant` (non-compliant version)
- **Location**: https://github.com/fsfe/reuse-example and https://git.fsfe.org/reuse/example
- **Use**: Demonstrates proper REUSE compliance with both passing and failing examples

#### **fsfe/reuse-tutorial-example**
- **Branches**:
  - `compliant` - REUSE-compliant version
  - `non-compliant` - Version without proper copyright/licensing information
- **Location**: https://codeberg.org/fsfe/reuse-tutorial-example
- **Use**: Step-by-step example following the REUSE tutorial

### 3. **reuse-tool Tests Directory**
Within the reuse-tool repository itself, there are test fixtures including:
- Real-world projects tested during CI/CD (curl, SPDX license list, reuse-example)
- Python test files validating the tool across multiple Python versions
- Test resources in `tests/resources/` directory

### 4. **Submodule Considerations**
The FSFE has documented how to handle submodules in REUSE (Issue #29 and #36 in reuse-tool/reuse-docs). The tool supports an `--include-submodules` flag for checking compliance in repositories with git submodules.

## Recommendation

For your git submodule use case, I'd suggest:

1. **Use reuse-example or reuse-tutorial-example** as a reference/fixture repository - these have compliant and non-compliant branches that demonstrate test cases
2. **The reuse-tool itself** contains the conformance testing logic in its `tests/` directory
3. **Create your own test fixture repository** based on the patterns in reuse-example, with branches or separate projects representing compliant/non-compliant cases

There isn't a single "test suite" repository designed specifically for submodule inclusion, but the combination of reuse-tool's test infrastructure and the example repositories provides the foundation for conformance testing.

Sources:
- [fsfe/reuse-tool on GitHub](https://github.com/fsfe/reuse-tool)
- [fsfe/reuse-tool on Codeberg](https://codeberg.org/fsfe/reuse-tool)
- [fsfe/reuse-example on GitHub](https://github.com/fsfe/reuse-example)
- [fsfe/reuse-tutorial-example on Codeberg](https://codeberg.org/fsfe/reuse-tutorial-example)
- [REUSE Help for developers](https://reuse.software/dev/)
- [REUSE Tutorial](https://reuse.software/tutorial/)
agentId: abf62df (for resuming to continue this agent's work if needed)
<usage>total_tokens: 28422
tool_uses: 26
duration_ms: 72173</usage>

Perfect. I now have the complete REUSE spec 3.3. Here are all the normative requirements extracted and organized for your spec-conformant implementation:

## 1. COVERED FILES vs EXCLUSIONS

**Covered Files:** All project files requiring Licensing Information

**Exact Exclusions (MUST NOT require licensing):**
- Files in `LICENSES/` directory
- `COPYING`, `LICENSE`, `LICENCE` files (with optional dash/dot metadata like `LICENSE-MIT`)
- Version control system files and directories (e.g., `.git/`)
- Files ignored by version control (`.gitignore` entries)
- Submodules and Meson subprojects
- `REUSE.toml` files
- Files in `.reuse/` directory (including `dep5`)
- Symlinks
- Zero-byte files
- SPDX documents per SPDX Specification Clause 4.4 (e.g., `sbom.spdx.json`)

## 2. SPDX TAG FORMATS

**SPDX-FileCopyrightText (in comment headers):**
```
SPDX-FileCopyrightText: 2019 Jane Doe <jane@example.com>
SPDX-FileCopyrightText: 2019 Example Organisation
```

**SPDX-License-Identifier (in comment headers):**
```
SPDX-License-Identifier: GPL-3.0-or-later
SPDX-License-Identifier: MIT OR Apache-2.0
```

**SPDX-SnippetCopyrightText (within snippets):**
```
SPDX-SnippetCopyrightText: 2022 Jane Doe <jane@example.com>
```

**For Uncommentable Files (.license sidecar):**
Same tag format but in adjacent text file with `.license` extension (e.g., `cat.jpg.license`)

## 3. COMMENT HEADER DETECTION

**Comment Style Support:** Not explicitly enumerated in spec - implementation relies on file type association. Language-specific comment detection is handled by REUSE tool implementation.

**Positioning:** "SHOULD be as close to the top of the file as possible"

**Required Content in Headers:**
- One or more Copyright Notices (must have prefix)
- One or more `SPDX-License-Identifier` tag-value pairs

**Encoding:** UTF-8 recommended

**For Uncommentable Files:**
- Adjacent `.license` file required (same name + `.license` extension)
- `.license` file: plain text format, same tag format as headers
- `.license` files may also accompany Commentable Files (override headers if present)

## 4. REUSE.TOML SCHEMA (Version 1)

**File Location:** Any directory (covers files within or deeper)

**Required Fields:**
```toml
version = 1  # REQUIRED: Integer representing schema version (this spec describes v1)

[[annotations]]
path = "po/*.po"              # REQUIRED: string or list of strings
precedence = "closest"        # OPTIONAL: "closest" (default), "aggregate", or "override"
SPDX-FileCopyrightText = "2019 Jane Doe"  # OPTIONAL: string or list
SPDX-License-Identifier = "GPL-3.0-or-later"  # OPTIONAL: string or list
```

**Path Globbing Rules:**
- Forward slashes only (/)
- `*` matches everything except forward slashes (non-recursive)
- `**` matches including forward slashes (recursive)
- Escape asterisks: `\\*` (double-backslash in TOML)
- Escape backslashes: `\\\\`
- Paths resolve relative to `REUSE.toml` directory
- Must point to locations in `REUSE.toml` directory or deeper
- Non-existent or non-Covered File paths are ignored

**SPDX-FileCopyrightText Value:**
- String or list of strings
- Each must be valid Copyright Notice
- Prefix may be omitted (will be added automatically)

**SPDX-License-Identifier Value:**
- String or list of strings
- Each must be valid SPDX License Expression

**Additional Keys:** May include other keys (recommended: use existing SPDX tags) for additional information

**Multiple REUSE.toml Files:** Permitted across directories; VCS-ignored `REUSE.toml` files are NOT searched

**JSON Schema Available:** https://reuse.software/reuse-toml-v1.schema.json

## 5. .LICENSE SIDECAR FILES

**Format:**
- Filename: `[original-filename].license`
- Example: `image.jpg.license`, `script.bin.license`
- Must be plain text format
- Uses same SPDX tag format as comment headers

**Applicability:**
- Required for uncommentable files (non-text files, files without comment syntax)
- May optionally accompany commentable files for override

**Precedence:** `.license` files take precedence over file comment headers

**Content Rules:**
- Must contain one or more Copyright Notices
- Must contain one or more `SPDX-License-Identifier` tag-value pairs

## 6. PRECEDENCE RULES (EXACT ORDER)

1. **Adjacent `.license` Files (HIGHEST):** Takes precedence over commentable file's internal Licensing Information

2. **REUSE.toml with `precedence = "override"`:** Uses table's Licensing Information, ignoring closer information; closest `REUSE.toml` to project root is authoritative

3. **File Comment Headers or `.license` sidecar** (INTERMEDIATE): Licensing Information in file itself

4. **REUSE.toml with `precedence = "closest"` (DEFAULT):** Uses Licensing Information from Covered Files or adjacent `.license` files if available; falls back to closest `REUSE.toml`

5. **REUSE.toml with `precedence = "aggregate"`:** Always associates table's Licensing Information; also applies closest logic

6. **DEP5 in `.reuse/dep5` (DEPRECATED):** Aggregates with file comment headers; both SPDX License Expressions apply if they differ

**Multiple matching `[[annotations]]` tables in same REUSE.toml:** Only the FINAL matching table in file is used

**REUSE.toml and DEP5 Mutual Exclusivity:** MUST NOT use both simultaneously in same project

## 7. REUSE-IgnoreStart/REUSE-IgnoreEnd

**Purpose:** Exclude false positives - Licensing Information that appears in files but doesn't represent actual licensing (documentation, output examples, command strings, etc.)

**Usage:**
```
# REUSE-IgnoreStart
echo "SPDX-FileCopyrightText: $(date +'%Y') John Doe" > file.txt
echo "SPDX-License-Identifier: MIT" > file.txt
# REUSE-IgnoreEnd
```

**Critical Rule:** "This technique MUST NOT be used to ignore valid Licensing Information"

**Behavior:** Tool ignores all content between markers - no licensing information parsed within block

## 8. SPDX-SnippetBegin/SPDX-SnippetEnd

**Purpose:** Designate different licensing for specific portions within a file

**Format:**
```
# SPDX-SnippetBegin
# SPDX-SnippetCopyrightText: 2022 Jane Doe <jane@example.com>
# SPDX-License-Identifier: MIT

print("Hello, world!")

# SPDX-SnippetEnd
```

**Required Content:**
- Copyright notice(s) using `SPDX-SnippetCopyrightText` prefix
- One or more `SPDX-License-Identifier` tag-value pairs
- Each opened snippet MUST be closed with `SPDX-SnippetEnd`
- Tags should be commented (language-dependent)

**Spec Reference:** Use SPDX snippet tags per SPDX Specification Annex H

## 9. LICENSES/ DIRECTORY STRUCTURE

**Location:** Must be at project root

**Naming Convention:** `LICENSES/[SPDX-License-Identifier].[extension]`

**Examples:**
- `LICENSES/GPL-3.0-or-later.txt`
- `LICENSES/MIT.txt`
- `LICENSES/LicenseRef-CustomLicense.txt`

**Content Requirements:**
- Plain text format only
- Contains full license text
- No unlicensed licenses (all licenses must be from SPDX License List or use `LicenseRef-[idstring]` format)

**Directory Contents Rule:** "The `LICENSES/` directory MUST NOT include any other files" - license files only

**Licensing Requirement:** "Project MUST include a License File for every license under which Covered Files are licensed"

**Unused Licenses:** No License Files for unused licenses permitted

**Exceptions:** Same rules apply; however, exceptions must exist in SPDX License List

## 10. REUSE COMPLIANCE - LINT CHECKS

A project is "REUSE compliant" when:

1. **Every Covered File has Licensing Information** via one of:
   - Comment header with Copyright Notice(s) + SPDX-License-Identifier
   - Adjacent `.license` sidecar file with same content
   - REUSE.toml annotation entry
   - DEP5 entry (deprecated)

2. **Copyright Notice Format Validation:**
   - Must start with `SPDX-FileCopyrightText`, `SPDX-SnippetCopyrightText`, `Copyright`, or `©`
   - Must contain copyright holder name
   - Should contain year and contact address

3. **SPDX-License-Identifier Validation:**
   - Must be valid SPDX License Expression
   - Supports simple IDs: `MIT`, `GPL-3.0-or-later`
   - Supports expressions: `MIT OR Apache-2.0`, `(MIT AND GPL-2.0-or-later)`

4. **License Files Coverage:**
   - Every license identifier found in Covered Files has corresponding License File in `LICENSES/`
   - File named correctly: `LICENSES/[SPDX-ID].txt` (or other extension)
   - License Files contain plain text
   - `LicenseRef-*` custom licenses must also have files

5. **LICENSES/ Directory Purity:**
   - Contains only license files
   - No other content

6. **REUSE.toml Validity (if present):**
   - Must be valid TOML
   - Must have `version = 1` key
   - All `[[annotations]]` tables have required `path` key
   - `precedence` values are only: `closest`, `aggregate`, `override`
   - `SPDX-FileCopyrightText` and `SPDX-License-Identifier` are valid
   - Valid glob patterns (forward slashes, `*`, `**`)

7. **DEP5 Validity (if present - deprecated):**
   - Located at `.reuse/dep5`
   - Valid Debian copyright format 1.0
   - All entries have `Files:`, `License:`, and `Copyright:` tags
   - No DEP5 if REUSE.toml exists (mutually exclusive)

8. **Snippet Validity:**
   - Every `SPDX-SnippetBegin` has matching `SPDX-SnippetEnd`
   - Snippets contain Copyright Notice(s) and License Expression
   - Proper nesting (no interleaving)

9. **No Critical Omissions:**
   - No uncommentable files without `.license` sidecars
   - No files with only Copyright Notice (missing License)
   - No files with only License (missing Copyright)

10. **Ignore Blocks Correctness:**
    - `REUSE-IgnoreStart` and `REUSE-IgnoreEnd` are paired and properly nested
    - Not used to ignore valid Licensing Information

This is the complete normative specification for REUSE 3.3 compliance.
agentId: af627f9 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 18917
tool_uses: 2
duration_ms: 74950</usage>

Perfect! Now I have a comprehensive understanding. Let me provide you with a detailed report of the test fixtures and implementation structure:

## REUSE-Tool Repository Analysis

I've successfully cloned the reuse-tool repository and thoroughly explored its test fixtures and implementation structure. Here's what I found:

### TEST STRUCTURE OVERVIEW

**Total Test Files:** 20 Python test files (10,831 lines total)
**Largest Tests:**
- `test_cli_annotate.py` (2,000 lines) - Annotation CLI tests
- `test_global_licensing.py` (1,268 lines) - REUSE.toml and .reuse/dep5 parsing
- `test_copyright.py` (1,178 lines) - Copyright notice parsing
- `test_extract.py` (821 lines) - SPDX info extraction
- `test_project.py` (778 lines) - Project initialization
- `test_conftest.py` (745 lines) - Test fixtures and configuration
- `test_comment.py` (681 lines) - Comment style handling
- `test_header.py` (637 lines) - Header creation/manipulation
- `test_report.py` (634 lines) - Report generation
- `test_lint.py` (385 lines) - Linting output formatting

### TEST FIXTURES (from conftest.py)

**Fake Repository Structure:**
```
/tmp/reuse-tool/tests/resources/fake_repository/
├── LICENSES/
│   ├── GPL-3.0-or-later.txt
│   ├── Apache-2.0.txt
│   ├── Autoconf-exception-3.0.txt
│   ├── CC0-1.0.txt
│   └── LicenseRef-custom.txt
├── src/
│   ├── source_code.py (has SPDX headers)
│   ├── source_code.c
│   ├── source_code.html
│   ├── source_code.jinja2
│   ├── multiple_licenses.rs
│   ├── custom.py
│   └── exception.py
└── doc/
    └── usage.md
```

**Global Licensing Test Files:**
- `/tests/resources/dep5` - Sample .reuse/dep5 file (Debian copyright format)
- `/tests/resources/REUSE.toml` - Sample REUSE.toml configuration

**VCS Repository Fixtures:**
The conftest.py creates multiple VCS repositories from the fake_repository:
- `git_repository` - Full Git repo with `.gitignore`, ignored files
- `hg_repository` - Mercurial repo with `.hgignore`
- `fossil_checkout` - Fossil repo with `.fossil-settings/ignore-glob`
- `jujutsu_repository` - Jujutsu repo
- `pijul_repository` - Pijul repo with `.ignore`
- `submodule_repository` - Git repo with submodule support

Each VCS repo fixture includes:
- Compiled Python files (`.pyc`)
- Build directories
- License files
- Proper ignore patterns for each VCS

### KEY TEST CASES BY CATEGORY

**Lint Tests (test_lint.py):**
- Simple lint success/failure
- VCS integration across all supported systems
- Submodule handling (excluded and included)
- Meson subproject handling
- Deprecated license detection
- Bad/invalid licenses
- Missing copyright/license headers
- Unused license files

**Report Tests (test_report.py):**
- FileReport generation with various scenarios
- License discovery in files
- Copyright notice extraction and sorting
- Missing licenses detection
- Bad licenses detection
- File checksum generation
- Multiprocessing/parallelization tests
- Multiple encoding module support

**Extract Tests (test_extract.py):**
- SPDX expression parsing (complex expressions, operators)
- ASCII art frame extraction
- Copyright notice patterns (multiple formats)
- Ignore block filtering (REUSE-IgnoreStart/End)
- Encoding detection (chardet, python-magic, file-magic, charset_normalizer)
- Newline detection
- ReuseInfo extraction

**Copyright Tests (test_copyright.py):**
- YearRange parsing (single years, ranges with different separators)
- Copyright notice parsing
- CopyrightNotice class validation
- SpdxExpression handling
- Copyright sorting and deduplication
- Various copyright formats (SPDX-FileCopyrightText, Copyright, ©, etc.)

**Global Licensing Tests (test_global_licensing.py):**
- REUSE.toml parsing and validation
- .reuse/dep5 parsing (Debian format)
- Precedence modes (AGGREGATE, CLOSEST, OVERRIDE)
- File path matching patterns
- SPDX expression and copyright overrides
- Nested REUSE.toml files

**Project Tests (test_project.py):**
- Project initialization from directories
- License discovery and validation
- VCS strategy detection
- Global licensing detection
- File coverage checking
- Submodule and subproject handling

**Comment Style Tests (test_comment.py):**
- Multi-language comment styles:
  - C/C++ (single/multi-line)
  - Python/Shell (#)
  - HTML/XML
  - Jinja2
  - Rust
  - JavaScript/TypeScript
  - And 20+ more styles
- Shebang handling
- Comment prefix/suffix patterns

**Header Tests (test_header.py):**
- Header creation from ReuseInfo
- Header parsing and extraction
- Header replacement in existing files
- Template-based header generation
- Jinja2 template handling
- Multiple license and copyright handling

**CLI Tests:**
- `test_cli_lint.py` - Lint command with JSON output, exit codes
- `test_cli_annotate.py` - File annotation with headers
- `test_cli_download.py` - License download functionality
- `test_cli_spdx.py` - SPDX report generation
- `test_cli_convert_dep5.py` - .reuse/dep5 to REUSE.toml conversion

### CORE IMPLEMENTATION MODULES

**Module Structure (by size):**

1. **comment.py** (1,014 lines)
   - CommentStyle base class
   - 20+ language-specific comment styles
   - Comment creation and parsing

2. **report.py** (862 lines)
   - FileReport - single file analysis
   - ProjectReport - project-wide analysis
   - ProjectSubsetReport - subset analysis
   - Multiprocessing support
   - SPDX JSON output

3. **copyright.py** (847 lines)
   - YearRange - year or year range parsing
   - CopyrightNotice - copyright line parsing
   - CopyrightPrefix - copyright formats (SPDX, ©, etc.)
   - ReuseInfo - aggregated SPDX + copyright data
   - SpdxExpression - SPDX license expression handling

4. **global_licensing.py** (645 lines)
   - GlobalLicensing base class
   - ReuseTOML - REUSE.toml parser
   - ReuseDep5 - Debian copyright parser
   - AnnotationsItem - path-based licensing rules
   - PrecedenceType enum (AGGREGATE/CLOSEST/OVERRIDE)

5. **extract.py** (530 lines)
   - extract_reuse_info() - find SPDX/copyright in text
   - detect_encoding() - file encoding detection
   - reuse_info_of_file() - extract from file
   - filter_ignore_block() - handle REUSE-IgnoreStart/End
   - Encoding module detection (magic, chardet, charset_normalizer)

6. **vcs.py** (504 lines)
   - VCSStrategy base class
   - VCSStrategyGit, VCSStrategyHg, VCSStrategyFossil, etc.
   - List tracked files by VCS
   - Check if files are ignored

7. **project.py** (495 lines)
   - Project class - central project representation
   - License discovery (.LICENSES/ directory)
   - Global licensing detection
   - File iteration (covered files)
   - VCS integration

8. **lint.py** (366 lines)
   - format_plain() - human-readable lint output
   - format_json() - JSON output
   - format_lines() - error formatting
   - Checks performed:
     - Bad licenses (non-SPDX)
     - Deprecated licenses
     - Missing licenses
     - Unused licenses
     - Unlicensed files
     - Files without copyright

9. **covered_files.py** (170 lines)
   - iter_files() - iterate through covered files
   - is_path_ignored() - check if file should be ignored
   - Ignore patterns for:
     - .git, .hg, .reuse, LICENSES directories
     - LICENSE, COPYING, .gitignore files
     - Binary files, symlinks
     - VCS-specific ignores

10. **header.py** (374 lines)
    - create_header() - generate SPDX header
    - add_new_header() - add header to file
    - find_and_replace_header() - update existing header
    - Template support (Jinja2)

### KEY TEST PATTERNS & ASSERTIONS

**Common Test Checks:**
- Exit codes (0 for pass, 1 for fail)
- Output contains ":-)" for success or ":-(" for failure
- License discovery and validation
- Copyright extraction accuracy
- File coverage calculation
- Multiprocessing consistency
- VCS ignore file handling
- Encoding detection correctness

**Parametrized Tests:**
- `@vcs_params` - Run test across all VCS types
- `@multiprocessing` - Test with/without ProcessPoolExecutor
- `@encoding_module` - Test with different encoding detectors
- `@comment_style` - Test all comment styles
- Parametrized fixtures for various scenarios

### FIXTURE HIERARCHY

```
empty_directory (base fixture)
  ↓
fake_repository (copies resources/fake_repository)
  ├→ fake_repository_reuse_toml (adds REUSE.toml)
  └→ fake_repository_dep5 (adds .reuse/dep5)

_cached_git_repository (base git repo)
  ↓
git_repository (copy with VCS setup)
  ↓
submodule_repository (git with submodule)
```

Similar patterns for hg, fossil, jujutsu, pijul.

### FILES YOU'LL NEED TO PORT

**High Priority (Core Functionality):**
1. `/tmp/reuse-tool/src/reuse/copyright.py` - Copyright parsing
2. `/tmp/reuse-tool/src/reuse/extract.py` - SPDX info extraction
3. `/tmp/reuse-tool/src/reuse/project.py` - Project initialization
4. `/tmp/reuse-tool/src/reuse/report.py` - Report generation
5. `/tmp/reuse-tool/src/reuse/lint.py` - Linting output
6. `/tmp/reuse-tool/src/reuse/covered_files.py` - File coverage
7. `/tmp/reuse-tool/src/reuse/global_licensing.py` - REUSE.toml/dep5

**Medium Priority (Features):**
8. `/tmp/reuse-tool/src/reuse/comment.py` - Comment styles (large file)
9. `/tmp/reuse-tool/src/reuse/header.py` - Header manipulation
10. `/tmp/reuse-tool/src/reuse/vcs.py` - VCS integration

**Test Resources:**
- Fake repository structure at `/tmp/reuse-tool/tests/resources/fake_repository/`
- Sample configs: `dep5`, `REUSE.toml`, `fsfe.png`

All absolute file paths are ready for inspection at `/tmp/reuse-tool/`.
agentId: a291fa6 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 54776
tool_uses: 33
duration_ms: 59095</usage>

Perfect! Now I have all the information needed. Let me compile the comprehensive report.

## Summary of REUSE Repositories Exploration

Based on my investigation, here's what I found:

### 1. Repository Status

**Note:** The requested `https://github.com/fsfe/reuse-spec.git` does not exist as a separate repository. However, the REUSE specification is available at reuse.software/spec-3.3/.

**Available repositories:**
- `fsfe/reuse-example` - Example repositories demonstrating REUSE compliance
- `fsfe/reuse-tool` - The main REUSE compliance checking tool

### 2. REUSE Example Repository Structure

**Location:** `/tmp/reuse-example`

**Branches:**
- `main` - REUSE compliant version
- `noncompliant` - Non-compliant version (no licensing metadata)

**Compliant branch (`main`) structure:**
```
/tmp/reuse-example/
├── LICENSES/
│   ├── CC-BY-4.0.txt (17K)
│   ├── CC0-1.0.txt (6.9K)
│   └── GPL-3.0-or-later.txt (34K)
├── src/
│   └── main.c (with SPDX headers)
├── img/
│   ├── cat.jpg
│   ├── cat.jpg.license
│   ├── dog.jpg
│   └── dog.jpg.license
├── Makefile
├── README.md
└── .gitignore
```

**File: `/tmp/reuse-example/src/main.c`**
```c
/*
 * SPDX-FileCopyrightText: 2019 Jane Doe <jane@example.com>
 *
 * SPDX-License-Identifier: GPL-3.0-or-later
 */

#include <stdio.h>
int main()
{
   printf("Hello, World!");
   return 0;
}
```

**File: `/tmp/reuse-example/img/cat.jpg.license`**
```
SPDX-FileCopyrightText: 2017 Peter Janzen

SPDX-License-Identifier: CC-BY-4.0
```

**Non-compliant branch (`noncompliant`):**
- Lacks LICENSES/ directory entirely
- No .license files for binary assets
- No SPDX headers in source files

### 3. REUSE Tool Test Suite

**Location:** `/tmp/reuse-tool/tests/`

**Test structure:**
- **20 test modules** organized by functionality
- **Test fixtures directory:** `/tmp/reuse-tool/tests/resources/`
  - `fake_repository/` - A complete test repository with licensing metadata
  - `dep5` - Example `.reuse/dep5` file
  - `REUSE.toml` - Example REUSE.toml configuration
  - `fsfe.png` - Binary asset for testing

**Key test files:**
```
tests/
├── conftest.py (22K) - Global test configuration and fixtures
├── test_lint.py (13K) - Tests for compliance checking
├── test_project.py (26K) - Project and compliance tests
├── test_copyright.py (40K) - Copyright notice parsing
├── test_global_licensing.py (43K) - DEP5 and REUSE.toml handling
├── test_extract.py (27K) - Metadata extraction
├── test_cli_lint.py (9.7K) - CLI lint command tests
├── test_comment.py (15K) - Comment style handling
├── test_cli_annotate.py (56K) - File annotation tests
└── [14 other test modules]
```

**Test fixtures in fake_repository:**
```
tests/resources/fake_repository/
├── LICENSES/
│   ├── GPL-3.0-or-later.txt
│   ├── Apache-2.0.txt
│   ├── CC0-1.0.txt
│   ├── Autoconf-exception-3.0.txt
│   └── LicenseRef-custom.txt
├── src/
│   ├── source_code.c (SPDX headers)
│   ├── source_code.py (SPDX headers)
│   ├── exception.py
│   ├── multiple_licenses.rs
│   ├── custom.py
│   ├── source_code.html
│   └── source_code.jinja2
└── doc/
    └── usage.md
```

**Test framework:**
- **Framework:** pytest with extensive fixtures
- **Dependencies:** pytest, pytest-cov, pytest-lazy-fixtures, freezegun
- **VCS support:** Git, Mercurial, Pijul, Jujutsu, Fossil (skipped if not installed)
- **Configuration:** See `pyproject.toml` (poetry-based)

### 4. REUSE Specification Overview

**Current version:** 3.3

**Key conformance requirements:**

1. **License Files**
   - Location: `LICENSES/` directory in project root
   - Naming: `LICENSES/[SPDX-ID].txt` (e.g., `LICENSES/GPL-3.0-or-later.txt`)
   - Format: Plain text

2. **File Metadata**
   - Source files: SPDX headers in comments
   - Binary files: Separate `.license` files
   - Format: `SPDX-FileCopyrightText: [year] [holder]` + `SPDX-License-Identifier: [license]`
   - Custom licenses: `LicenseRef-[idstring]`

3. **Global Licensing (two options)**
   - `.reuse/dep5` - Debian copyright format
   - `REUSE.toml` - Modern TOML-based format (see `/tmp/reuse-tool/REUSE.toml` for example)

4. **REUSE.toml Format Example**
```toml
version = 1

[[annotations]]
path = "doc/*"
precedence = "override"
SPDX-FileCopyrightText = "2017 Jane Doe"
SPDX-License-Identifier = "CC0-1.0"
```

### 5. Potential Git Submodule Options

For testing REUSE compliance:

1. **Option A:** `fsfe/reuse-example` as a submodule
   - Provides both compliant and non-compliant test cases
   - Two branches for contrast testing
   - Small repository, suitable for submodule

2. **Option B:** `fsfe/reuse-tool` (tests/resources/fake_repository)
   - Already has comprehensive test fixtures
   - Can extract and use `tests/resources/fake_repository` as a separate test fixture
   - Contains more complex scenarios (multiple licenses, exceptions, custom licenses)

3. **Best approach:** Use `fsfe/reuse-example` as primary submodule (demonstrates REUSE spec clearly), and optionally extract test fixtures from `reuse-tool` for more complex test cases.

### Sources

- [REUSE Specification – Version 3.3](https://reuse.software/spec-3.3/)
- [GitHub - fsfe/reuse-example](https://github.com/fsfe/reuse-example)
- [GitHub - fsfe/reuse-tool](https://github.com/fsfe/reuse-tool)
- [REUSE Specification – Version 3.2](https://reuse.software/spec-3.2/)
- [REUSE Frequently Asked Questions](https://reuse.software/faq/)
agentId: aba14ac (for resuming to continue this agent's work if needed)
<usage>total_tokens: 39675
tool_uses: 50
duration_ms: 132167</usage>

agentId: a8cb981 (for resuming to continue this agent's work if needed)
<usage>total_tokens: 63435
tool_uses: 35
duration_ms: 74091</usage>