# Surface.Env Owner Manifest

**Decision ID:** OWNER-ZASTAVA-ENV-001
**Status:** ASSIGNED
**Effective Date:** 2025-12-06

## Assignment

The **Surface.Env** component (environment variable surface detection) is owned by the **Zastava Guild** for implementation purposes.

## Rationale

1. Surface.Env is defined in Zastava's architecture at `docs/modules/zastava/architecture.md`
2. Zastava Guild owns all runtime surface detection components
3. Environment variable analysis is critical for secret detection
4. Existing Zastava evidence/kit structure supports this component

## Scope

The Zastava Guild is responsible for:
- Environment variable surface enumeration
- Secret pattern detection in env vars
- Integration with Evidence Locker for env attestation
- Threshold enforcement per `thresholds.yaml`
- CLI surface output for `stella zastava env`

## Escalation Path

If blocked on:
- Schema definitions: Evidence Locker Guild
- CLI integration: CLI Guild
- Secret detection patterns: Security Guild

## Authority Granted

This manifest grants implementation authority to proceed with tasks blocked on ownership, specifically:

- Surface.Env Owner blocker (OVERDUE)
- ZASTAVA-ENV-001: Environment surface implementation
- ZASTAVA-ENV-002: Secret pattern integration

## Implementation Notes

Reference existing schemas:
- `docs/modules/zastava/schemas/` for evidence format
- `docs/modules/zastava/kit/` for kit bundle structure
- `thresholds.yaml` for detection thresholds

Key patterns:
- `^[A-Z_]+(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)` → high severity
- `^AWS_`, `^AZURE_`, `^GCP_` → cloud credential
- Base64-encoded values > 32 chars → potential secret

## Timeline

- **Immediate:** Unblock dependent tasks
- **Sprint 0144:** Core implementation
- **Sprint 0145:** Integration testing