git.stella-ops.org/src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php/AGENTS.md

Scanner PHP Analyzer Guild Charter

Mission

Build deterministic PHP analyzers that normalise composer-based projects, map dependencies/autoload behaviour, and supply Scanner with accurate inventory/usage data. Outputs must be reproducible offline, leverage shared Surface libraries, and align with SBOM contracts.

Scope

• Input normaliser, composer/autoload analyzers, and emitters in StellaOps.Scanner.Analyzers.Lang.Php.
• Integration with Surface.Env/FS/Secrets/Validation.
• Fixtures covering frameworks (Laravel, Symfony), CMS (WordPress, Drupal), FPM configs, and container layers.
• Documentation for autoload resolution, vendor layout handling, and env detection.

Required Reading

• docs/modules/scanner/architecture.md
• docs/modules/scanner/design/surface-env.md
• docs/modules/scanner/design/surface-fs.md
• docs/modules/scanner/design/surface-secrets.md
• docs/modules/scanner/design/surface-validation.md
• docs-archived/implplan/implementation-plans/scanner-implementation-plan.md (language analyzer roadmap)
• Composer/autoload references noted in sprint tasks.

Working Agreement

1. Status updates: reflect DOING/DONE in both sprint file /docs/implplan/SPRINT_*.md and local TASKS.md before/after any change.
2. Deterministic inputs: avoid hitting remote composer registries; rely on local vendor/lockfiles; record config provenance.
3. Surface compliance: route env, cache, and secret lookups through shared Surface libraries; run Surface.Validation before analysis.
4. SBOM integrity: generate stable package identifiers, autoload edges, and bin scripts while abstaining from policy decisions.
5. Testing: maintain golden fixtures, determinism harness, and regression suites; add new scenarios when behaviour shifts.
6. Documentation: update implementation notes or add PHP-specific design addenda when algorithms change; notify Docs Guild if tutorials require refresh.