feat: Add guild charters and task boards for various components

- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform.
- Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds.
- Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies.
- Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Adobe/AGENTS.md

@@ -1,28 +1,39 @@
-# AGENTS
-## Role
-Adobe PSIRT connector ingesting APSB/APA advisories; authoritative for Adobe products; emits psirt_flags and affected ranges; establishes PSIRT precedence over registry or distro data for Adobe software.
-## Scope
-- Discover and fetch APSB/APA index and detail pages; follow product links as needed; window by advisory ID/date.
-- Validate HTML or JSON; normalize titles, CVE lists, product components, fixed versions/builds; capture mitigation notes and KBs.
-- Persist raw docs with sha256 and headers; maintain source_state cursors; ensure idempotent mapping.
-## Participants
-- Source.Common (HTTP, HTML parsing, retries/backoff, validators).
-- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
-- Models (canonical Advisory/Affected/Provenance).
-- Core/WebService (jobs: source:adobe:fetch|parse|map).
-- Merge engine (later) to apply PSIRT override policy for Adobe packages.
-## Interfaces & contracts
-- Aliases include APSB-YYYY-XX (and APA-* when present) plus CVE ids.
-- Affected entries capture Vendor=Adobe, Product/component names, Type=vendor, Identifier stable (for example product slug), Versions with fixed/fixedBy where available.
-- References typed: advisory, patch, mitigation, release notes; URLs normalized and deduped.
-- Provenance.method="parser"; value carries advisory id and URL; recordedAt=fetch time.
-## In/Out of scope
-In: PSIRT ingestion, aliases, affected plus fixedBy, psirt_flags, watermark/resume.
-Out: signing, package artifact downloads, non-Adobe product truth.
-## Observability & security expectations
-- Metrics: SourceDiagnostics produces `concelier.source.http.*` counters/histograms tagged `concelier.source=adobe`; operators filter on that tag to monitor fetch counts, parse failures, map affected counts, and cursor movement without bespoke metric names.
-- Logs: advisory ids, product counts, extraction timings; hosts allowlisted; no secret logging.
-## Tests
-- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Adobe.Tests`.
-- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
-- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
+# AGENTS
+## Role
+Adobe PSIRT connector ingesting APSB/APA advisories; authoritative for Adobe products; emits psirt_flags and affected ranges; establishes PSIRT precedence over registry or distro data for Adobe software.
+## Scope
+- Discover and fetch APSB/APA index and detail pages; follow product links as needed; window by advisory ID/date.
+- Validate HTML or JSON; normalize titles, CVE lists, product components, fixed versions/builds; capture mitigation notes and KBs.
+- Persist raw docs with sha256 and headers; maintain source_state cursors; ensure idempotent mapping.
+## Participants
+- Source.Common (HTTP, HTML parsing, retries/backoff, validators).
+- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
+- Models (canonical Advisory/Affected/Provenance).
+- Core/WebService (jobs: source:adobe:fetch|parse|map).
+- Merge engine (later) to apply PSIRT override policy for Adobe packages.
+## Interfaces & contracts
+- Aliases include APSB-YYYY-XX (and APA-* when present) plus CVE ids.
+- Affected entries capture Vendor=Adobe, Product/component names, Type=vendor, Identifier stable (for example product slug), Versions with fixed/fixedBy where available.
+- References typed: advisory, patch, mitigation, release notes; URLs normalized and deduped.
+- Provenance.method="parser"; value carries advisory id and URL; recordedAt=fetch time.
+## In/Out of scope
+In: PSIRT ingestion, aliases, affected plus fixedBy, psirt_flags, watermark/resume.
+Out: signing, package artifact downloads, non-Adobe product truth.
+## Observability & security expectations
+- Metrics: SourceDiagnostics produces `concelier.source.http.*` counters/histograms tagged `concelier.source=adobe`; operators filter on that tag to monitor fetch counts, parse failures, map affected counts, and cursor movement without bespoke metric names.
+- Logs: advisory ids, product counts, extraction timings; hosts allowlisted; no secret logging.
+## Tests
+- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Adobe.Tests`.
+- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
+- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
+
+## Required Reading
+- `docs/modules/concelier/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+
+## Working Agreement
+- 1. Update task status to `DOING`/`DONE` in both `docs/implplan/SPRINTS.md` and the local `TASKS.md` when you start or finish work.
+- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
+- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
+- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
+- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.