save changes

docs/hybrid-diff-patching.md

@@ -0,0 +1,45 @@
+# Hybrid Diff Patching (Source + Symbols + Binary)
+
+## Purpose
+
+This document captures the product-level blueprint for hybrid diff patching:
+
+- Source semantic edits (AST-level intent).
+- Build-time symbol mapping (source ranges to binary symbols and addresses).
+- Normalized binary deltas (stable and compact byte patches).
+- Signed evidence bundle for policy gating and replay.
+
+The goal is to make release decisions auditable at function granularity while
+remaining deterministic and offline-capable.
+
+## Review outcome (2026-02-16)
+
+The advisory is directionally aligned with existing Stella Ops work but not
+fully implemented end-to-end.
+
+Already present:
+
+- ELF normalization and delta hashing pipeline in BinaryIndex.
+- DeltaSig attestation models and CLI flows for extract/author/sign/verify.
+- Symbol manifest model with debug/code identifiers and source path metadata.
+
+Missing or incomplete for the full hybrid stack:
+
+- AST semantic edit-script generation and stable source anchors.
+- Build artifact contract that emits canonical `symbol_map.json` from DWARF/PDB
+  during build.
+- Deterministic source-edit -> symbol patch plan artifact.
+- Verifier workflow that reconciles AST anchors with symbol boundaries and
+  normalized per-symbol deltas in one attested contract.
+
+## Canonical module dossier
+
+Detailed contracts, phased implementation, and policy hooks are defined in:
+
+- `docs/modules/binary-index/hybrid-diff-stack.md`
+
+## Execution sprint
+
+Implementation planning for this advisory is tracked in:
+
+- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`