# Hybrid Diff Patching (Source + Symbols + Binary)

## Purpose

This document captures the product-level blueprint for hybrid diff patching:

- Source semantic edits (AST-level intent).
- Build-time symbol mapping (source ranges to binary symbols and addresses).
- Normalized binary deltas (stable and compact byte patches).
- Signed evidence bundle for policy gating and replay.

The goal is to make release decisions auditable at function granularity while remaining deterministic and offline-capable.

## Review outcome (2026-02-16)

The advisory blueprint is implemented in the BinaryIndex DeltaSig pipeline.

Implemented in this sprint:

- Deterministic semantic edit scripts and source anchors.
- Canonical symbol-map contracts with build-id linkage (manifest-backed and deterministic fallback modes).
- Deterministic `symbol_patch_plan` and `patch_manifest` artifacts tied to function-level deltas and digest-linked evidence.
- DeltaSig predicate embedding of the full hybrid evidence chain.
- Fail-closed hybrid verifier checks for digest/linkage/boundary mismatches.
- Policy gates for hybrid presence, AST anchors, namespace protection, and patch byte budgets.

Known constraints:

- Semantic edits currently use deterministic text/symbol heuristics rather than language-specific AST adapters.
- Full byte-level patch replay execution remains a follow-on integration concern for Attestor/Doctor runtime workflows.

## Canonical module dossier

Detailed contracts, phased implementation, and policy hooks are defined in:

- `docs/modules/binary-index/hybrid-diff-stack.md`

## Execution sprint

Implementation planning for this advisory is tracked in:

- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`
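
The following is an added illustration, not code from BinaryIndex or DeltaSig, of the fail-closed digest/linkage/boundary checks and the patch byte budget gate listed under the review outcome above. All field names (`symbol_map_digest`, `patch_plan_digest`, `address`, `bytes_hex`, and so on) and the sample values are assumptions made for the example; the real contracts are defined in the module dossier.

```python
import hashlib
import json

def digest(obj):
    """SHA-256 over canonical JSON so equal content always yields the same digest."""
    raw = obj if isinstance(obj, bytes) else json.dumps(
        obj, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def verify_hybrid(symbol_map, plan, manifest, max_patch_bytes):
    """Return (ok, reasons); any mismatch or malformed field rejects the bundle."""
    reasons = []
    try:
        if plan["symbol_map_digest"] != digest(symbol_map):
            reasons.append("linkage: plan is not bound to this symbol map")
        if manifest["patch_plan_digest"] != digest(plan):
            reasons.append("linkage: manifest is not bound to this plan")
        if manifest["build_id"] != symbol_map["build_id"]:
            reasons.append("linkage: build-id mismatch")
        symbols = {s["name"]: s for s in symbol_map["symbols"]}
        total = 0
        for patch in manifest["patches"]:
            name, data = patch["symbol"], bytes.fromhex(patch["bytes_hex"])
            total += len(data)
            if name not in symbols or name not in plan["symbols"]:
                reasons.append(f"linkage: unplanned symbol {name}")
                continue
            if digest(data) != patch["digest"]:
                reasons.append(f"digest: patch bytes for {name}")
            lo = symbols[name]["address"]
            hi = lo + symbols[name]["size"]
            if not lo <= patch["address"] <= patch["address"] + len(data) <= hi:
                reasons.append(f"boundary: patch escapes {name}")
        if total > max_patch_bytes:
            reasons.append("budget: patch bytes exceed policy limit")
    except (KeyError, TypeError, ValueError) as exc:
        reasons.append(f"malformed: {exc!r}")  # fail closed, never skip a check
    return (not reasons, reasons)

def sample_bundle():
    """Constructed sample evidence; every value here is made up for the example."""
    symbol_map = {"build_id": "example-build-id", "symbols": [
        {"name": "parse_header", "address": 0x1000, "size": 64}]}
    plan = {"symbol_map_digest": digest(symbol_map), "symbols": ["parse_header"]}
    data = bytes.fromhex("9090c3")
    manifest = {"build_id": "example-build-id", "patch_plan_digest": digest(plan),
                "patches": [{"symbol": "parse_header", "address": 0x1010,
                             "bytes_hex": data.hex(), "digest": digest(data)}]}
    return symbol_map, plan, manifest
```

A missing or wrongly typed field lands in the `malformed` branch and rejects the bundle, so incomplete evidence can never pass by omission.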