Hybrid Diff Patching (Source + Symbols + Binary)
Purpose
This document captures the product-level blueprint for hybrid diff patching:
- Source semantic edits (AST-level intent).
- Build-time symbol mapping (source ranges to binary symbols and addresses).
- Normalized binary deltas (stable and compact byte patches).
- Signed evidence bundle for policy gating and replay.
The goal is to make release decisions auditable at function granularity while remaining deterministic and offline-capable.
Review outcome (2026-02-16)
The advisory is directionally aligned with existing Stella Ops work but not fully implemented end-to-end.
Already present:
- ELF normalization and delta hashing pipeline in BinaryIndex.
- DeltaSig attestation models and CLI flows for extract/author/sign/verify.
- Symbol manifest model with debug/code identifiers and source path metadata.
Missing or incomplete for the full hybrid stack:
- AST semantic edit-script generation and stable source anchors.
- Build artifact contract that emits canonical symbol_map.json from DWARF/PDB during build.
- Deterministic source-edit -> symbol patch plan artifact.
- Verifier workflow that reconciles AST anchors with symbol boundaries and normalized per-symbol deltas in one attested contract.
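A sketch of the reconciliation step named in the last item, added here as an illustration and not taken from Stella Ops code or the module dossier: it hashes each symbol's byte range in two builds and reports changed symbols that no source edit anchor covers, which is the case a policy gate would want to see. Assumptions: the field names and sample data are constructed, the bytes are already normalized, and edit anchors and symbol line ranges share one line-number space.

```python
import hashlib

# Constructed sample data. Field names are assumptions for illustration only.
SYMBOLS = [
    {"symbol": "parse_header", "offset": 0, "size": 8, "source": "src/parse.c", "lines": (10, 42)},
    {"symbol": "check_len", "offset": 8, "size": 8, "source": "src/parse.c", "lines": (44, 60)},
    {"symbol": "log_event", "offset": 16, "size": 8, "source": "src/log.c", "lines": (5, 20)},
]
OLD_IMG = b"AAAAAAAA" + b"BBBBBBBB" + b"CCCCCCCC"
NEW_IMG = b"AAAAAAAA" + b"BBBBXBBB" + b"CCCCCCZC"
EDITS = [
    {"id": "E1", "source": "src/parse.c", "lines": (50, 52)},
    {"id": "E2", "source": "src/parse.c", "lines": (12, 13)},
]

def symbol_hashes(image, symbol_map):
    """SHA-256 per symbol byte range, rejecting ranges outside the image."""
    hashes = {}
    for s in symbol_map:
        start, end = s["offset"], s["offset"] + s["size"]
        if start < 0 or s["size"] <= 0 or end > len(image):
            raise ValueError(f"symbol {s['symbol']} lies outside the image")
        hashes[s["symbol"]] = hashlib.sha256(image[start:end]).hexdigest()
    return hashes

def touches(edit, src_range):
    """True when an edit anchor overlaps a symbol's (file, line range)."""
    src, (lo, hi) = src_range
    return edit["source"] == src and edit["lines"][0] <= hi and lo <= edit["lines"][1]

def reconcile(old_img, old_map, new_img, new_map, edits):
    old_h, new_h = symbol_hashes(old_img, old_map), symbol_hashes(new_img, new_map)
    # Added, removed and modified symbols all count as changed.
    changed = sorted(n for n in old_h.keys() | new_h.keys() if old_h.get(n) != new_h.get(n))
    # Source range per symbol; the new build wins, the old one covers removed symbols.
    ranges = {s["symbol"]: (s["source"], s["lines"]) for s in old_map + new_map}
    explained = [n for n in changed if any(touches(e, ranges[n]) for e in edits)]
    return {
        "explained": explained,
        "unexplained": [n for n in changed if n not in explained],
        "edits_without_delta": sorted(
            e["id"] for e in edits if not any(touches(e, ranges[n]) for n in changed)),
    }

if __name__ == "__main__":
    print(reconcile(OLD_IMG, SYMBOLS, NEW_IMG, SYMBOLS, EDITS))
```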
Canonical module dossier
Detailed contracts, phased implementation, and policy hooks are defined in:
docs/modules/binary-index/hybrid-diff-stack.md
Execution sprint
Implementation planning for this advisory is tracked in:
docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md