meterian/security-audit

Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).

96

1.83x
Quality: 90% (Does it follow best practices?)

Impact: 99%, 1.83x (Average score across 8 eval scenarios)

Security by Snyk: Passed, no known issues

evals/scenario-7/criteria.json

{
  "context": "Tests whether the agent discovers all .csproj files in inputs/ (not just the one named in the task), maps them to the dotnet language parameter, and invokes the Meterian CLI. Discovery is verified by outcome: System.Net.Http only exists in PaymentApi.Tests.csproj — if it appears in scan-raw.json, both files were scanned.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "dotnet language",
      "description": "Sets language to `dotnet` for NuGet packages — confirmed by `language: dotnet` appearing in scan-raw.json entries",
      "max_score": 20
    },
    {
      "name": "Both csproj files scanned",
      "description": "`System.Net.Http` (only present in `PaymentApi.Tests.csproj`, not in `PaymentApi.csproj`) appears in scan-raw.json or the report — proving both project files were discovered and scanned",
      "max_score": 25
    },
    {
      "name": "PackageReference extraction",
      "description": "Extracts package names and versions from the PackageReference elements across both .csproj files",
      "max_score": 15
    },
    {
      "name": "Raw scan data file",
      "description": "A file named `scan-raw.json` exists containing a JSON object with a `vulnerable` array — the Meterian CLI check output format",
      "max_score": 15
    },
    {
      "name": "Markdown table",
      "description": "Report contains a markdown table with the required audit columns (Package, Version, Severity, ID, Safe Version(s))",
      "max_score": 13
    },
    {
      "name": "Summary line",
      "description": "Report includes a summary line with vulnerability and package counts",
      "max_score": 12
    }
  ]
}
