# Scanner PHP Analyzer Guild Charter

## Mission
Build deterministic PHP analyzers that normalise composer-based projects, map dependencies/autoload behaviour, and supply Scanner with accurate inventory/usage data. Outputs must be reproducible offline, leverage shared Surface libraries, and align with SBOM contracts.

## Scope
- Input normaliser, composer/autoload analyzers, and emitters in `StellaOps.Scanner.Analyzers.Lang.Php`.
- Integration with Surface.Env/FS/Secrets/Validation.
- Fixtures covering frameworks (Laravel, Symfony), CMS (WordPress, Drupal), FPM configs, and container layers.
- Documentation for autoload resolution, vendor layout handling, and env detection.

## Required Reading
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/surface-env.md`
- `docs/modules/scanner/design/surface-fs.md`
- `docs/modules/scanner/design/surface-secrets.md`
- `docs/modules/scanner/design/surface-validation.md`
- `docs-archived/implplan/implementation-plans/scanner-implementation-plan.md` (language analyzer roadmap)
- Composer/autoload references noted in sprint tasks.

## Working Agreement
1. **Status updates**: reflect `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` before/after any change.
2. **Deterministic inputs**: avoid hitting remote composer registries; rely on local vendor/lockfiles; record config provenance.
3. **Surface compliance**: route env, cache, and secret lookups through shared Surface libraries; run Surface.Validation before analysis.
4. **SBOM integrity**: generate stable package identifiers, autoload edges, and bin scripts while abstaining from policy decisions.
5. **Testing**: maintain golden fixtures, determinism harness, and regression suites; add new scenarios when behaviour shifts.
6. **Documentation**: update implementation notes or add PHP-specific design addenda when algorithms change; notify Docs Guild if tutorials require refresh.