git.stella-ops.org/docs/modules/scanner/design/dart-analyzer-plan.md

# Dart Analyzer Scope · SCANNER-ENG-0012 (2025-12-08)

## Goals
- Define Dart analyzer for pubspec/pub cache parity with other language analyzers.
- Keep offline-first (no `pub get`), deterministic inventories/graphs, and policy-ready signals.

## Inputs
- `pubspec.yaml` + `pubspec.lock` (dependencies, sources, sdk constraints).
- `.dart_tool/package_config.json` (resolved packages, language version, root URIs).
- AOT artifacts: `*.aot`, `*.snapshot`, `build/` outputs (record presence only).
- Optional Flutter plugins: `ios/`/`android/` platform manifests (metadata only).

## Pipeline (deterministic, offline)
1) **Normalize pubspec/pubspec.lock**:
   - Parse lock entries; map sources: `hosted`, `sdk:flutter`, `git`, `path`.
   - Emit PURLs (`pkg:pub/<name>@<version>`) with `source` metadata (`hosted.url`, `git.sha`, `path`).
   - Enforce sorted components by name.
2) **Package config**:
   - Read `.dart_tool/package_config.json`; map package `rootUri`/`packageUri` to build module graph roots.
   - Capture `languageVersion` and `generated` timestamp (drop or normalize to `0001-01-01Z` for determinism).
3) **Graph builder**:
   - Build dependency edges from `pubspec.lock` -> `package_config` packages; include `sdk:flutter` nodes when present.
   - Record `sourceType` (hosted/git/path/sdk) for provenance.
4) **Signals**:
   - `dart.sdk` requirement from `environment.sdk`; `flutter` channel/version when present.
   - AOT snapshot presence flags (`aot=true`, `snapshot=true`); no binary parsing.
5) **Outputs**:
   - Inventory: list of PURLs + source metadata + checksum if provided in lock (hosted `sha256`).
   - Graph: edges `(package -> dependency)` sorted.
   - Signals: `dart.sdkConstraint`, `flutter.sdk`, `flutter.plugins` (names only), `buildArtifacts` flags.

## Tests & fixtures
- Fixtures under `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Dart.Tests/Fixtures/`:
  - Hosted-only lockfile, git dependency, path dependency, Flutter project with plugins.
  - Determinism tests: stable ordering, normalized timestamps, no network.
  - Signal tests: sdk constraint extraction, AOT/snapshot flagging.

## Deliverables
- Design captured here; wire into implementation plan + sprint log.
- Analyzer to live under `StellaOps.Scanner.Analyzers.Lang.Dart` with tests mirroring fixtures.
- Offline posture: never invoke `dart pub`; rely solely on provided lock/config; error clearly when missing lock.