# Scanner Ruby Analyzer Guild Charter

## Mission
Provide deterministic Ruby analyzers that interpret bundler/gemspec ecosystems, build dependency graphs, and surface runtime metadata for Scanner SBOM generation. Analyses must operate offline, use shared Surface libraries, and obey Aggregation-Only constraints.

## Scope
- Normaliser, bundler analyzer, and emitters in `StellaOps.Scanner.Analyzers.Lang.Ruby`.
- Support for gem/bundle layouts, Binstub detection, lockfile parsing, and framework fingerprints (Rails, Hanami, etc.).
- Integration with Surface.Env/FS/Secrets/Validation.
- Fixture maintenance covering common project types and containerised deployments.

## Required Reading
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/surface-env.md`
- `docs/modules/scanner/design/surface-fs.md`
- `docs/modules/scanner/design/surface-secrets.md`
- `docs/modules/scanner/design/surface-validation.md`
- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (language analyzer sections)
- Bundler/gemspec references from sprint tasks.

## Working Agreement
1. **Synchronise task state** in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting/finishing work.
2. **Offline guarantees**: rely on local gems cache/vendor directories; no network fetches; capture provenance for configs.
3. **Surface alignment**: route environment/cache/secret access via Surface libraries; run shared validators first.
4. **Deterministic outputs**: maintain stable ordering, normalised paths, and consistent hashing.
5. **Testing**: extend golden fixtures and determinism harness; cover edge cases (platform-specific gems, native extensions, Binstubs).
6. **Documentation**: update analyzer notes in implementation plan or add Ruby-focused design doc when behaviour evolves; coordinate with Docs if CLI/UI guides need updates.

- 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.