Restructure solution layout by module

src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Go/AGENTS.md

@@ -0,0 +1,31 @@
+# StellaOps.Scanner.Analyzers.Lang.Go — Agent Charter
+
+## Role
+Build the Go analyzer plug-in that reads Go build info, module metadata, and DWARF notes to attribute binaries with rich provenance inside Scanner.
+
+## Scope
+- Inspect binaries for build info (`.note.go.buildid`, Go build info blob) and extract module, version, VCS metadata.
+- Parse DWARF-lite sections for commit hash / dirty flag and map to components.
+- Manage shared hash cache to dedupe identical binaries across layers.
+- Provide benchmarks and determinism fixtures; package plug-in manifest.
+
+## Out of Scope
+- Native library link analysis (belongs to native analyzer).
+- VCS remote fetching or symbol download.
+- Policy decisions or vulnerability joins.
+
+## Expectations
+- Latency targets: ≤400 µs (hot) / ≤2 ms (cold) per binary; minimal allocations via buffer pooling.
+- Shared buffer pooling via `ArrayPool<byte>` for build-info/DWARF reads; safe for concurrent scans.
+- Deterministic fallback to `bin:{sha256}` when metadata absent; heuristics clearly identified.
+- Offline-first: rely solely on embedded metadata.
+- Telemetry for binaries processed, metadata coverage, heuristics usage.
+- Heuristic fallback metrics: `scanner_analyzer_golang_heuristic_total{indicator,version_hint}` increments whenever stripped binaries are classified via fallbacks.
+
+## Dependencies
+- Shared language analyzer core; Worker dispatcher; caching infrastructure (layer cache + file CAS).
+
+## Testing & Artifacts
+- Golden fixtures for modules with/without VCS info, stripped binaries, cross-compiled variants.
+- Benchmark comparison with competitor scanners to demonstrate speed/fidelity advantages (captured in `src/Bench/StellaOps.Bench/Scanner.Analyzers/lang/go/`).
+- ADR documenting heuristics and risk mitigation.