# Field Engagement Playbook: Windows and macOS Coverage This playbook helps field teams answer Windows/macOS coverage questions without drifting into speculative promises. ## 1) Current scope (baseline) - Scanner targets deterministic container-image workflows first (Linux-focused). - Windows and macOS analyzers are design-tracked and should be discussed as "in discovery/design" unless a specific sprint/feature flag says otherwise. ## 2) Operator talking points - Determinism and offline parity are non-negotiable: any Windows/macOS expansion must keep fixtures, ordering, hashing, and Offline Kit flows reproducible. - Coverage work is split into: - Scanner analyzers (collection and parsing), - Policy predicates (trust/verification rules), - Offline Kit packaging (feeds, certificates, mirrors, and deterministic indexes). ## 3) Where to point people - Design briefs: - `docs/modules/scanner/design/windows-analyzer.md` - `docs/modules/scanner/design/macos-analyzer.md` - Deep dives and research notes: - `docs/benchmarks/scanner/deep-dives/windows.md` - `docs/benchmarks/scanner/deep-dives/macos.md` - Demand capture: `docs/benchmarks/scanner/windows-macos-demand.md` - Policy readiness notes: - `docs/modules/policy/windows-package-readiness.md` - `docs/modules/policy/secret-leak-detection-readiness.md` ## 4) Signal capture workflow 1. Capture requirements using `docs/benchmarks/scanner/windows-macos-interview-template.md`. 2. Append a structured summary to `docs/benchmarks/scanner/windows-macos-demand.md`. 3. If the signal implies policy/security decisions (signature verification, trust roots, masking/telemetry), update the relevant readiness notes and reference the demand entry. 4. Share the updated demand entry with the Scanner and Policy guilds in the next sync. ## 5) FAQ snippets - When will Windows/macOS be GA? Demand- and evidence-driven; avoid date promises. Use the design briefs and deep dives for the current state. - Can we run scans offline? Offline parity is required; any OS expansion must include an Offline Kit story (feeds, trust roots, deterministic indexes). - Do we cover Authenticode/notarization? Treat as a policy/security decision captured in readiness notes, not an implicit feature promise.