# Scanner Design Dossiers

This directory contains deep technical designs for current and upcoming analyzers and surface components.

## Language analyzers
- `ruby-analyzer.md` — lockfile, runtime graph, capability signals for Ruby.
 - `deno-runtime-signals.md` — runtime trace + policy signal contract for Deno analyzer.
 - `deno-runtime-shim.md` — loader/trace shim plan for runtime NDJSON capture in Deno analyzer.

## Surface & platform contracts
- `surface-fs.md`
- `surface-env.md`
- `surface-validation.md`
- `surface-secrets.md`

## OS ecosystem designs
- `macos-analyzer.md` — Homebrew, pkgutil, `.app` bundle plan.
- `windows-analyzer.md` — MSI, WinSxS, Chocolatey, registry collectors.
- `cdx17-cbom-contract.md` — deterministic CycloneDX 1.7 + CBOM export profile (ordering, hashes, downgrade rules).
- `slsa-source-track.md` — deterministic SLSA Source Track capture (repo/ref/commit, tree hash, invocation hash, provenance DSSE, CAS paths).

## Demand & dashboards
- `../../benchmarks/scanner/windows-macos-demand.md` — demand tracker.
- `../../benchmarks/scanner/windows-macos-interview-template.md` — interview template.
- `../../api/scanner/windows-coverage.md` — coverage summary dashboard.
- `../../api/scanner/windows-macos-summary.md` — metric snapshot.

## Utility & reference
- `../operations/field-engagement.md` — SE workflow guidance.
- `../operations/analyzers.md` — operational runbook.
- `../operations/rustfs-migration.md` — storage migration notes.

## Maintenance tips
- Keep demand tracker (`../../benchmarks/scanner/windows-macos-demand.md`) and API dashboards in sync when updating macOS/Windows designs.
- Cross-reference policy readiness briefs for associated predicates and waiver models.

## Policy readiness
- `../policy/secret-leak-detection-readiness.md` — secret leak pipeline decisions.
- `../policy/windows-package-readiness.md` — Windows analyzer policy decisions.