compose and authority fixes. finish sprints.

docs/modules/evidence-locker/export-format.md

@@ -288,6 +288,24 @@ Write-Host "=== Verification Complete: PASSED ===" -ForegroundColor Green
 - File extension: `.openvex.json`
 - Location: `vex/statements/`
 
+### Runtime Witness Triplets (MWD-004)
+
+Runtime micro-witnesses are exported under `runtime-witnesses/` as deterministic triplets grouped by `witness_id`:
+
+| Artifact | MIME Type | File Pattern |
+|----------|-----------|--------------|
+| Trace payload | `application/vnd.stellaops.witness.v1+json` | `runtime-witnesses/<witness-id>/trace.json` |
+| DSSE envelope | `application/vnd.dsse.envelope+json` | `runtime-witnesses/<witness-id>/trace.dsse.json` |
+| Sigstore bundle | `application/vnd.dev.sigstore.bundle.v0.3+json` | `runtime-witnesses/<witness-id>/trace.sigstore.json` |
+
+Manifest/index entries for these artifacts carry deterministic replay keys:
+- `build_id`
+- `kernel_release`
+- `probe_id`
+- `policy_run_id`
+
+Offline replay validation is bundle-contained: `trace.json`, `trace.dsse.json`, and `trace.sigstore.json` are validated together without external lookups.
+
 ## Export Options
 
 ### CLI Command

docs/modules/evidence-locker/guides/evidence-pack-schema.md

@@ -536,3 +536,15 @@ stella pack replay evidence-pack.tar.gz --verbose --diff
 - [Verdict Attestations](../policy/verdict-attestations.md)
 - [Evidence Locker Architecture](../modules/evidence-locker/architecture.md)
 - [SPRINT_3000_0100_0002](../implplan/SPRINT_3000_0100_0002_evidence_packs.md)
+
+## Hybrid Diff Artifacts
+
+When a verdict payload contains a DeltaSig predicate with `hybridDiff`, include the
+following deterministic artifacts in the evidence pack (for example under
+`binary-diff/`) and keep each artifact digest linked to the attested predicate:
+
+- `semantic_edit_script.json`
+- `symbol_map_before.json`
+- `symbol_map_after.json`
+- `symbol_patch_plan.json`
+- `patch_manifest.json`