feat: implement security analysis stubs with post-quantum crypto detection

- Implement 10 standalone security check functions:
  - checkSqlInjection, checkXss, checkCsrf
  - checkCommandInjection, checkPathTraversal
  - checkUnsafeDeserialization, checkWeakCrypto
  - checkHardcodedSecrets, checkDangerousFunctions
- Weak crypto detection flags MD5/SHA1, recommends SHAKE3-256/BLAKE3
- Add DUBLINCORE.rdf, CITATION.cff, void.ttl metadata
- Add PRIORITY.adoc (MUST/SHOULD/COULD list)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: Jonathan D.A. Jewell

CITATION.cff

@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+cff-version: 1.2.0
+title: sanctify-php
+message: "If you use this software, please cite it as below."
+type: software
+authors:
+  - family-names: Jewell
+    given-names: Jonathan D.A.
+repository-code: "https://github.com/hyperpolymath/sanctify-php"
+url: "https://github.com/hyperpolymath/sanctify-php"
+abstract: >-
+  Haskell-based PHP hardening and security analysis tool.
+  Performs taint tracking, type inference, security vulnerability
+  detection (SQLi, XSS, CSRF, command injection), and automatic
+  code transformations for safer PHP.
+keywords:
+  - php
+  - static-analysis
+  - security
+  - haskell
+  - taint-tracking
+  - wordpress
+license: AGPL-3.0-or-later
+version: "0.1.0"
+date-released: "2025-01-03"

DUBLINCORE.rdf

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- SPDX-License-Identifier: AGPL-3.0-or-later -->
+<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+         xmlns:dc="http://purl.org/dc/elements/1.1/"
+         xmlns:dcterms="http://purl.org/dc/terms/">
+  <rdf:Description rdf:about="https://github.com/hyperpolymath/sanctify-php">
+    <dc:title>sanctify-php</dc:title>
+    <dc:creator>Jonathan D.A. Jewell</dc:creator>
+    <dc:subject>Static Analysis</dc:subject>
+    <dc:subject>PHP Security</dc:subject>
+    <dc:subject>Code Transformation</dc:subject>
+    <dc:subject>Taint Tracking</dc:subject>
+    <dc:description>Haskell-based PHP hardening and security analysis tool with taint tracking, type inference, and automatic transformations</dc:description>
+    <dc:publisher>Hyperpolymath</dc:publisher>
+    <dc:type>Software</dc:type>
+    <dc:format>application/x-haskell</dc:format>
+    <dc:identifier>https://github.com/hyperpolymath/sanctify-php</dc:identifier>
+    <dc:language>en</dc:language>
+    <dc:rights>AGPL-3.0-or-later</dc:rights>
+    <dcterms:license rdf:resource="https://www.gnu.org/licenses/agpl-3.0"/>
+    <dcterms:conformsTo rdf:resource="https://github.com/hyperpolymath/rhodium-standard-repositories"/>
+  </rdf:Description>
+</rdf:RDF>

PRIORITY.adoc

@@ -0,0 +1,84 @@
+// SPDX-License-Identifier: AGPL-3.0-or-later
+= sanctify-php Priority List
+:toc:
+
+== MUST (Critical - Core Analysis)
+
+[cols="1,3,1"]
+|===
+|ID |Task |Status
+
+|M1
+|Implement standalone security checks (SQL, XSS, CSRF, etc.)
+|✓ DONE
+
+|M2
+|Weak crypto detection (flag MD5/SHA1, recommend SHAKE3-256/BLAKE3)
+|✓ DONE
+
+|M3
+|Post-quantum crypto advisory (Kyber/Dilithium recommendations)
+|✓ DONE
+
+|M4
+|Complete taint tracking for all PHP superglobals
+|✓ DONE
+
+|M5
+|Config file parsing (YAML/JSON)
+|PENDING
+|===
+
+== SHOULD (Important - WordPress Focus)
+
+[cols="1,3,1"]
+|===
+|ID |Task |Status
+
+|S1
+|WordPress hook security analysis
+|PENDING
+
+|S2
+|WordPress capability escalation detection
+|PENDING
+
+|S3
+|Auto-fix for common issues (strict_types, esc_html, etc.)
+|PENDING
+
+|S4
+|SARIF output format for CI integration
+|PENDING
+
+|S5
+|LSP server for IDE integration
+|PENDING
+
+|S6
+|Add Guix/Nix package definitions
+|PENDING
+|===
+
+== COULD (Nice to Have - Future)
+
+[cols="1,3,1"]
+|===
+|ID |Task |Status
+
+|C1
+|Laravel-specific security rules
+|PENDING
+
+|C2
+|Symfony-specific security rules
+|PENDING
+
+|C3
+|Performance impact analysis
+|PENDING
+
+|C4
+|Automated PR review comments via GitHub Actions
+|PENDING
+|===