# Hybrid Diff Patching (Source + Symbols + Binary)

## Purpose

This document captures the product-level blueprint for hybrid diff patching:

- Source semantic edits (AST-level intent).
- Build-time symbol mapping (source ranges to binary symbols and addresses).
- Normalized binary deltas (stable and compact byte patches).
- Signed evidence bundle for policy gating and replay.

The goal is to make release decisions auditable at function granularity while
remaining deterministic and offline-capable.

## Review outcome (2026-02-16)

The advisory is directionally aligned with existing Stella Ops work but not
fully implemented end-to-end.

Already present:

- ELF normalization and delta hashing pipeline in BinaryIndex.
- DeltaSig attestation models and CLI flows for extract/author/sign/verify.
- Symbol manifest model with debug/code identifiers and source path metadata.

Missing or incomplete for the full hybrid stack:

- AST semantic edit-script generation and stable source anchors.
- Build artifact contract that emits canonical `symbol_map.json` from DWARF/PDB
  during build.
- Deterministic source-edit -> symbol patch plan artifact.
- Verifier workflow that reconciles AST anchors with symbol boundaries and
  normalized per-symbol deltas in one attested contract.

## Canonical module dossier

Detailed contracts, phased implementation, and policy hooks are defined in:

- `docs/modules/binary-index/hybrid-diff-stack.md`

## Execution sprint

Implementation planning for this advisory is tracked in:

- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`