compose and authority fixes. finish sprints.

This commit is contained in:
master
2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions

@@ -14,23 +14,26 @@ remaining deterministic and offline-capable.
## Review outcome (2026-02-16)
The advisory is directionally aligned with existing Stella Ops work but not
fully implemented end-to-end.
The advisory blueprint is implemented in the BinaryIndex DeltaSig pipeline.
Already present:
Implemented in this sprint:
- ELF normalization and delta hashing pipeline in BinaryIndex.
- DeltaSig attestation models and CLI flows for extract/author/sign/verify.
- Symbol manifest model with debug/code identifiers and source path metadata.
- Deterministic semantic edit scripts and source anchors.
- Canonical symbol-map contracts with build-id linkage (manifest-backed and
deterministic fallback modes).
- Deterministic `symbol_patch_plan` and `patch_manifest` artifacts tied to
function-level deltas and digest-linked evidence.
- DeltaSig predicate embedding of the full hybrid evidence chain.
- Fail-closed hybrid verifier checks for digest/linkage/boundary mismatches.
- Policy gates for hybrid presence, AST anchors, namespace protection, and
patch byte budgets.
Missing or incomplete for the full hybrid stack:
Known constraints:
- AST semantic edit-script generation and stable source anchors.
- Build artifact contract that emits canonical `symbol_map.json` from DWARF/PDB
during build.
- Deterministic source-edit -> symbol patch plan artifact.
- Verifier workflow that reconciles AST anchors with symbol boundaries and
normalized per-symbol deltas in one attested contract.
- Semantic edits currently use deterministic text/symbol heuristics rather than
language-specific AST adapters.
- Full byte-level patch replay execution remains a follow-on integration concern
for Attestor/Doctor runtime workflows.
## Canonical module dossier
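Review bot: The new summary line "The advisory blueprint is implemented in the BinaryIndex DeltaSig pipeline." is unqualified, but the "Known constraints" list in the same section says semantic edits use "deterministic text/symbol heuristics rather than language-specific AST adapters" and that byte-level patch replay remains a follow-on. Suggest qualifying the summary (for example "implemented, with the constraints listed below"). The "AST anchors" policy gate should also be renamed or annotated so a reader does not assume it is backed by a language-specific AST. While replay is pending, the section should say what the fail-closed verifier does not cover, because digest, linkage and boundary checks do not on their own show that a patch plan reproduces the target bytes. The heading still reads "Review outcome (2026-02-16)" although the outcome text is rewritten here; update the date or add a revision line.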
@@ -43,3 +46,4 @@ Detailed contracts, phased implementation, and policy hooks are defined in:
Implementation planning for this advisory is tracked in:
- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`