50 lines
1.7 KiB
Markdown
50 lines
1.7 KiB
Markdown
# Hybrid Diff Patching (Source + Symbols + Binary)
|
|
|
|
## Purpose
|
|
|
|
This document captures the product-level blueprint for hybrid diff patching:
|
|
|
|
- Source semantic edits (AST-level intent).
|
|
- Build-time symbol mapping (source ranges to binary symbols and addresses).
|
|
- Normalized binary deltas (stable and compact byte patches).
|
|
- Signed evidence bundle for policy gating and replay.
|
|
|
|
The goal is to make release decisions auditable at function granularity while
|
|
remaining deterministic and offline-capable.
|
|
|
|
## Review outcome (2026-02-16)
|
|
|
|
The advisory blueprint is implemented in the BinaryIndex DeltaSig pipeline.
|
|
|
|
Implemented in this sprint:
|
|
|
|
- Deterministic semantic edit scripts and source anchors.
|
|
- Canonical symbol-map contracts with build-id linkage (manifest-backed and
|
|
deterministic fallback modes).
|
|
- Deterministic `symbol_patch_plan` and `patch_manifest` artifacts tied to
|
|
function-level deltas and digest-linked evidence.
|
|
- DeltaSig predicate embedding of the full hybrid evidence chain.
|
|
- Fail-closed hybrid verifier checks for digest/linkage/boundary mismatches.
|
|
- Policy gates for hybrid presence, AST anchors, namespace protection, and
|
|
patch byte budgets.
|
|
|
|
Known constraints:
|
|
|
|
- Semantic edits currently use deterministic text/symbol heuristics rather than
|
|
language-specific AST adapters.
|
|
- Full byte-level patch replay execution remains a follow-on integration concern
|
|
for Attestor/Doctor runtime workflows.
|
|
|
|
## Canonical module dossier
|
|
|
|
Detailed contracts, phased implementation, and policy hooks are defined in:
|
|
|
|
- `docs/modules/binary-index/hybrid-diff-stack.md`
|
|
|
|
## Execution sprint
|
|
|
|
Implementation planning for this advisory is tracked in:
|
|
|
|
- `docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md`
|
|
|