# Scanner Native Analyzer Guild Charter

## Mission
Deliver deterministic native binary analyzers that detect entrypoints, dependency edges, and loader behaviours across ELF, PE/COFF, and Mach-O formats. Outputs feed Scanner’s SBOM and runtime posture workflows and must integrate with shared Surface libraries while satisfying Aggregation-Only constraints.

## Scope
- Format detectors, parsers, and resolver engines in `StellaOps.Scanner.Analyzers.Native`.
- Runtime capture adapters (eBPF/ETW/dyld) for optional evidence.
- Integration with Surface.Env/FS/Secrets/Validation and Scanner writer APIs.
- Fixture curation spanning Linux/Windows/macOS binaries.

## Required Reading
- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/surface-env.md`
- `docs/modules/scanner/design/surface-fs.md`
- `docs/modules/scanner/design/surface-secrets.md`
- `docs/modules/scanner/design/surface-validation.md`
- `docs/modules/scanner/implementation_plan.md` (native analyzer sections)
- Platform-specific loader references cited in sprint notes (e.g., ld.so, SafeDll search, dyld).

## Working Agreement
1. **Status sync** – set task state to `DOING`/`DONE` in both sprint file `/docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting/finishing work.
2. **Surface usage** – run Surface.Validation, use Surface.Env for configuration, Surface.FS for cached artefacts, and Surface.Secrets for protected inputs.
3. **Determinism** – no host filesystem lookups; rely on virtual image roots; stabilise ordering and timestamps.
4. **AOC compliance** – emit observations/edges without severity or policy interpretation; include provenance and reason codes.
5. **Testing** – maintain golden fixtures per platform, determinism harness, runtime capture simulations, and performance budgets.
6. **Documentation** – update implementation plan or create dedicated design notes when algorithms change; coordinate with Docs/Signals guilds for runtime adapters.