# Scanner WebService Guild Charter

## Mission
Operate the Scanner WebService API, orchestrating scan requests, queue interactions, artifact delivery, and integration with attestation, policy, and surface libraries. The service must remain deterministic, tenant-aware, and offline-ready while exposing minimal APIs and events.

## Scope
- APIs, controllers, and background services in `StellaOps.Scanner.WebService`.
- Queue producers, artifact catalog endpoints, diff/report export, and attestation hand-offs.
- Integration with Surface.Env/Fs/Secrets/Validation and Scanner Worker.
- Event publishing (orchestrator/Notifier) and observability instrumentation.

## Required Reading
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/surface-env.md`
- `docs/modules/scanner/design/surface-fs.md`
- `docs/modules/scanner/design/surface-secrets.md`
- `docs/modules/scanner/design/surface-validation.md`
- `docs/modules/platform/architecture-overview.md` (scanner section)
- `docs/modules/attestor/architecture.md` (handoff expectations)
- `docs/modules/export-center/architecture.md` (report export dependencies)
- `docs/modules/scheduler/architecture.md` (rescan interactions)

## Working Agreement
1. **Status updates**: change task state to `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when you start/finish work.
2. **Contract-first changes**: update OpenAPI specs/test fixtures when APIs change; coordinate with CLI/UI consumers.
3. **Surface integration**: centralise cache/env/secret access via Surface libraries; run validators before executing handlers.
4. **Determinism**: queue IDs, report manifests, and export metadata must remain stable; avoid wall-clock usage in response payloads.
5. **Security & tenancy**: enforce Authority scopes, DPoP, and tenant context; audit sensitive operations.
6. **Observability**: instrument metrics/logs/traces per design docs; ensure new endpoints include structured logging and unit/integration tests.