Kernforge Driver Playbook
April 4, 2026 ยท View on GitHub
This playbook explains how to use Kernforge effectively for driver, signing, symbols, packaging, and verifier-readiness work.
1. When To Use This Playbook
.sys,.inf, or.catartifacts are involved.- Signing, symbols, packaging, or verifier readiness matters.
- Integrity, registration, or load-path hardening matters.
- Recent driver-related failed evidence already exists.
2. Recommended Baseline Flow
/analyze-project driver startup, signing, and integrity architecture
/analyze-performance startup
/investigate start driver-visibility guard.sys
/investigate snapshot
/simulate tamper-surface guard.sys
/open driver/guard.cpp
/review-selection integrity risk paths and verifier interactions
/edit-selection harden registration and signing assumptions
/verify
/evidence-dashboard category:driver
/mem-search category:driver signal:signing
3. What Each Stage Does
-
/analyze-project ...Builds a reusable architecture map for startup, signing, integrity, and verification-sensitive paths. -
/investigate start driver-visibility guard.sysCaptures a lightweight snapshot of current driver visibility, verifier state, and related artifacts. -
/simulate tamper-surface guard.sysSurfaces likely integrity, signing, and tamper-risk pressure points. -
/review-selection ...If simulation findings match the selected range, simulation risk context is injected automatically. -
/verifyAdds driver-focused verification steps and recent investigation or simulation follow-up review steps. -
/evidence-dashboard category:driverShows recent failed signing, symbol, package, or verifier-related evidence.
4. Signals Worth Watching Closely
signal:signingsignal:symbolsseverity:criticalrisk:>=80
Useful examples:
/evidence-search category:driver signal:signing
/mem-search category:driver signal:symbols
/evidence-search severity:critical risk:>=80
5. Recommended Pre-PR Check
/verify/evidence-dashboard category:driver/override- Let hook policy evaluate the final push or PR path
6. Good Team Habits
- Capture a live snapshot before risky driver changes.
- Run
tamper-surfacebefore large hardening work. - Check both evidence and memory for signing and symbol issues.
- Treat repeated failures as a workflow problem first, not just an override problem.