v0.1.0-alpha

• PEB → RTL_USER_PROCESS_PARAMETERS parsing (x64 + WOW64).
• Heuristic engine (0–100) with reasons (LOLBins, CWD/path anomalies, masquerading, obfuscation).
• Code signing (WinVerifyTrust) with publisher/thumbprint.
• Whitelists: --whitelist-pub, --whitelist-path.
• UTF-8 JSON via -o/--output (no redirect issues).
• Threshold filter: --min-score / -t.
• Modular codebase (proc_peb, output, print) + CI build & release.