feat: Add guild charters and task boards for various components

- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform.
- Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds.
- Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies.
- Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Chromium/AGENTS.md

@@ -1,28 +1,39 @@
-# AGENTS
-## Role
-Chromium/Chrome vendor feed connector parsing Stable Channel Update posts; authoritative vendor context for Chrome/Chromium versions and CVE lists; maps fixed versions as affected ranges.
-## Scope
-- Crawl Chrome Releases blog list; window by publish date; fetch detail posts; identify "Stable Channel Update" and security fix sections.
-- Validate HTML; extract version trains, platform notes (Windows/macOS/Linux/Android), CVEs, acknowledgements; map fixed versions.
-- Persist raw docs and maintain source_state cursor; idempotent mapping.
-## Participants
-- Source.Common (HTTP, HTML helpers, validators).
-- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
-- Models (canonical; affected ranges by product/version).
-- Core/WebService (jobs: source:chromium:fetch|parse|map).
-- Merge engine (later) to respect vendor PSIRT precedence for Chrome.
-## Interfaces & contracts
-- Aliases: CHROMIUM-POST:<yyyy-mm-dd or slug> plus CVE ids.
-- Affected: Vendor=Google, Product=Chrome/Chromium (platform tags), Type=vendor; Versions indicate introduced? (often unknown) and fixed (for example 127.0.6533.88); tags mark platforms.
-- References: advisory (post URL), release notes, bug links; kind set appropriately.
-- Provenance: method=parser; value=post slug; recordedAt=fetch time.
-## In/Out of scope
-In: vendor advisory mapping, fixed version emission per platform, psirt_flags vendor context.
-Out: OS distro packaging semantics; bug bounty details beyond references.
-## Observability & security expectations
-- Metrics: SourceDiagnostics exports the shared `concelier.source.http.*` counters/histograms tagged `concelier.source=chromium`, enabling dashboards to observe fetch volumes, parse failures, and map affected counts via tag filters.
-- Logs: post slugs, version extracted, platform coverage, timing; allowlist blog host.
-## Tests
-- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Chromium.Tests`.
-- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
-- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
+# AGENTS
+## Role
+Chromium/Chrome vendor feed connector parsing Stable Channel Update posts; authoritative vendor context for Chrome/Chromium versions and CVE lists; maps fixed versions as affected ranges.
+## Scope
+- Crawl Chrome Releases blog list; window by publish date; fetch detail posts; identify "Stable Channel Update" and security fix sections.
+- Validate HTML; extract version trains, platform notes (Windows/macOS/Linux/Android), CVEs, acknowledgements; map fixed versions.
+- Persist raw docs and maintain source_state cursor; idempotent mapping.
+## Participants
+- Source.Common (HTTP, HTML helpers, validators).
+- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
+- Models (canonical; affected ranges by product/version).
+- Core/WebService (jobs: source:chromium:fetch|parse|map).
+- Merge engine (later) to respect vendor PSIRT precedence for Chrome.
+## Interfaces & contracts
+- Aliases: CHROMIUM-POST:<yyyy-mm-dd or slug> plus CVE ids.
+- Affected: Vendor=Google, Product=Chrome/Chromium (platform tags), Type=vendor; Versions indicate introduced? (often unknown) and fixed (for example 127.0.6533.88); tags mark platforms.
+- References: advisory (post URL), release notes, bug links; kind set appropriately.
+- Provenance: method=parser; value=post slug; recordedAt=fetch time.
+## In/Out of scope
+In: vendor advisory mapping, fixed version emission per platform, psirt_flags vendor context.
+Out: OS distro packaging semantics; bug bounty details beyond references.
+## Observability & security expectations
+- Metrics: SourceDiagnostics exports the shared `concelier.source.http.*` counters/histograms tagged `concelier.source=chromium`, enabling dashboards to observe fetch volumes, parse failures, and map affected counts via tag filters.
+- Logs: post slugs, version extracted, platform coverage, timing; allowlist blog host.
+## Tests
+- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Chromium.Tests`.
+- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
+- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
+
+## Required Reading
+- `docs/modules/concelier/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+
+## Working Agreement
+- 1. Update task status to `DOING`/`DONE` in both `docs/implplan/SPRINTS.md` and the local `TASKS.md` when you start or finish work.
+- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
+- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
+- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
+- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.