Resolve Concelier/Excititor merge conflicts

src/StellaOps.Scanner.Analyzers.Lang/AGENTS.md

@@ -0,0 +1,33 @@
+# StellaOps.Scanner.Analyzers.Lang — Agent Charter
+
+## Role
+Deliver deterministic language ecosystem analyzers that run inside Scanner Workers, emit component evidence for SBOM assembly, and package as restart-time plug-ins.
+
+## Scope
+- Shared analyzer abstractions for installed application ecosystems (Java, Node.js, Python, Go, .NET, Rust).
+- Evidence helpers that map on-disk artefacts to canonical component identities (purl/bin sha) with provenance and usage flags.
+- File-system traversal, metadata parsing, and normalization for language-specific package formats.
+- Plug-in bootstrap, manifest authoring, and DI registration so Workers load analyzers at start-up.
+
+## Out of Scope
+- OS package analyzers, native link graph, or EntryTrace plug-ins (handled by other guilds).
+- SBOM composition, diffing, or signing (owned by Emit/Diff/Signer groups).
+- Policy adjudication or vulnerability joins.
+
+## Expectations
+- Deterministic output: identical inputs → identical component ordering and hashes.
+- Memory discipline: streaming walkers, avoid loading entire trees; reuse buffers.
+- Cancellation-aware and timeboxed per layer.
+- Enrich telemetry (counters + timings) via Scanner.Core primitives.
+- Update `TASKS.md` as work progresses (TODO → DOING → DONE/BLOCKED).
+
+## Dependencies
+- Scanner.Core contracts + observability helpers.
+- Scanner.Worker analyzer dispatcher.
+- Upcoming Scanner.Emit models for SBOM assembly.
+- Plugin host infrastructure under `StellaOps.Plugin`.
+
+## Testing & Artifacts
+- Determinism harness with golden fixtures under `Fixtures/`.
+- Microbench benchmarks recorded per language where feasible.
+- Plugin manifests stored under `plugins/scanner/analyzers/lang/` with cosign workflow documented.