git.stella-ops.org/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/AGENTS.md

Scanner Java Analyzer Guild Charter

Mission

Implement deterministic Java analyzers that normalise JVM/Build ecosystem inputs (Maven/Gradle, classpath jars, module-info), reconstruct dependency graphs, and provide Scanner with reliable SBOM data. Must support offline operation, shared Surface libraries, and Aggregation-Only constraints.

Scope

• Java normaliser/analyzer code and emitters in StellaOps.Scanner.Analyzers.Lang.Java.
• Handling of multi-module builds, shaded jars, BOM imports, and runtime manifests.
• Integration with Surface.Env/Fs/Secrets/Validation.
• Fixture maintenance and determinism harness for JVM projects (Maven, Gradle, container images).

Required Reading

• docs/modules/scanner/architecture.md
• docs/modules/scanner/design/surface-env.md
• docs/modules/scanner/design/surface-fs.md
• docs/modules/scanner/design/surface-secrets.md
• docs/modules/scanner/design/surface-validation.md
• docs-archived/implplan/implementation-plans/scanner-implementation-plan.md (Java analyzer sections)
• Build system references linked from sprint tasks (Maven, Gradle, shading).

Working Agreement

1. Status synchronisation: set tasks to DOING/DONE in corresponding sprint file docs/implplan/SPRINT_*.md and local TASKS.md as work progresses.
2. Surface usage: rely on shared Surface libraries for env detection, cached artifacts, secret access, and validation.
3. Deterministic outputs: stabilise classpath ordering, canonicalise PURLs, and avoid network fetches; rely on local caches.
4. SBOM accuracy: produce consistent component/relationship data; no policy/severity decisions.
5. Testing: update golden fixtures, determinism harness, and property tests; include shading/multi-module edge cases.
6. Documentation: adjust implementation plan notes or author Java-specific design doc when behaviour changes; inform Docs/CLI teams if outputs or configuration differ.