git.stella-ops.org/docs/modules/scanner/AGENTS.md

Scanner agent guide

Mission

Scanner analyses container images layer-by-layer, producing deterministic SBOM fragments, diffs, and signed reports.

Key docs

• Module README
• Architecture
• Implementation plan
• Task board
• macOS analyzer design
• Windows analyzer design
• Field engagement workflow
• Design dossiers
• Benchmarks overview
• Benchmarks overview

How to get started

1. Open sprint file /docs/implplan/SPRINT_*.md and locate the stories referencing this module.
2. Review ./TASKS.md for local follow-ups and confirm status transitions (TODO → DOING → DONE/BLOCKED).
3. Read the architecture and README for domain context before editing code or docs.
4. Coordinate cross-module changes in the main /AGENTS.md description and through the sprint plan.

Guardrails

• Honour the Aggregation-Only Contract where applicable (see ../../ingestion/aggregation-only-contract.md).
• Preserve determinism: sort outputs, normalise timestamps (UTC ISO-8601), and avoid machine-specific artefacts.
• Keep Offline Kit parity in mind—document air-gapped workflows for any new feature.
• Update runbooks/observability assets when operational characteristics change.

Required Reading

• docs/modules/scanner/README.md
• docs/modules/scanner/architecture.md
• docs/modules/scanner/implementation_plan.md
• docs/modules/platform/architecture-overview.md

Working Agreement

• 1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
• 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
• 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
• 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
• 5. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.